claw-onboarding
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references
https://solvr.devinSKILL.mdandREADME.md, which has been flagged as malicious by security scanners. - [PROMPT_INJECTION]: The skill exposes the agent to Indirect Prompt Injection (Category 8) by design.
- Ingestion points: The agent is instructed to fetch 'solutions' from the external platform
solvr.devand browseclawhub.comas described inSKILL.md. - Boundary markers: Absent. There are no instructions to treat external 'solutions' as untrusted or to use delimiters to prevent the agent from obeying embedded instructions.
- Capability inventory: The skill explicitly lists powerful capabilities including file read/write, shell command execution, and email access in
SKILL.md. - Sanitization: Absent. The agent is encouraged to adopt solutions found externally without validation or filtering.
- [DATA_EXFILTRATION]: The skill instructions encourage the agent to document 'problems and approaches' to
https://solvr.dev(SKILL.md). This promotes the transmission of potentially sensitive conversation context, user preferences, or system details to an untrusted external service. - [COMMAND_EXECUTION]: The tutorial encourages users to execute commands such as
clawdhub install <skill-name>, which facilitates the installation and execution of third-party code from external repositories. While presented as a feature, it normalizes high-risk behavior for new users.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata