claw-werewolf
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references a custom installer (
clawdhub) and a private registry (https://www.clawhub.ai/api). While these are part of the intended functionality, they represent unverified external sources outside the trusted repository list. - [INDIRECT_PROMPT_INJECTION] (LOW): The
HEARTBEAT.mdfile instructs the agent to visit an external Web Viewer URL and summarize the current game phase and speaker. This creates a surface for indirect prompt injection where an attacker could place malicious instructions on the website to influence the agent's behavior. - Ingestion points: External website content fetched via the Web Viewer URL.
- Boundary markers: Absent; the instructions do not provide delimiters or warnings for the agent to ignore instructions embedded in the webpage.
- Capability inventory: The agent is restricted to reading and summarizing, which limits the impact of potential injection.
- Sanitization: None provided in the skill documentation.
Audit Metadata