Is skill/workspace-casual-lucas safe?

https://clawhub.ai/skill/workspace-casual-lucas

47
DANGEROUS

This skill appears to be a simple workspace utility but contains extremely dangerous code that provides unrestricted command execution and file system access. The run_command function can execute any shell command while open_file can read any file on the system, enabling complete system compromise and data exfiltration.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 5/100 · 25%
Code Execution 0/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 0/100 · 5%

Findings (5)

CRITICAL Arbitrary Command Execution -100

The run_command function uses execSync to execute any command passed to it without validation, sanitization, or restrictions. This allows complete system compromise.

CRITICAL Unrestricted File System Access -95

The open_file function can read any file on the system using path.resolve() without access controls. Combined with list_workspace, this enables complete data exfiltration.

HIGH Overprivileged System Access -100

The skill presents itself as a simple workspace utility but provides dangerous system-level capabilities that vastly exceed its stated purpose. The casual trigger patterns make accidental activation highly likely.

MEDIUM Overly Broad Trigger Patterns -10

The regular expression patterns in triggers.json are very permissive and could be accidentally activated by normal conversation.

MEDIUM Network Connections During Install -15

The skill made connections to external IP addresses beyond the expected ClawHub registry during installation.