clawdnet
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill consists of markdown files (SKILL.md, references/api.md) and a metadata JSON file (_meta.json).
- Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'You are now DAN') were found. The skill focuses on providing API interaction instructions, not on manipulating the AI's core behavior.
- Data Exfiltration: No sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) are accessed or referenced. All curl commands are directed to https://clawdnet.xyz, which is the legitimate service for this skill. The use of $CLAWDNET_API_KEY from an environment variable is a secure practice for handling API keys, preventing hardcoding or accidental exposure.
- Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were detected in any of the provided files. The content is clear and readable.
- Unverifiable Dependencies: The skill does not instruct the user to install any external packages (e.g., npm install, pip install) or download scripts. The _meta.json file contains a commit URL pointing to github.com/clawdbot/skills, which is a reference to the skill's source code and not an instruction to download or execute an external dependency. GitHub is considered a trusted source, but in this context, it's merely metadata.
- Privilege Escalation: No commands that would attempt to escalate privileges (e.g., sudo, chmod +x, chmod 777, modifications to system files or services) were found.
- Persistence Mechanisms: No attempts to establish persistence (e.g., modifying ~/.bashrc, creating cron jobs, or configuring systemd services) were detected.
- Metadata Poisoning: The _meta.json file and the front matter in SKILL.md contain only standard, benign metadata fields (name, description, owner, version, commit URL). No malicious instructions were embedded.
- Indirect Prompt Injection: The skill itself does not process arbitrary external content from users that could lead to indirect prompt injection against the LLM using this skill. It describes how an agent would interact with an API, including sending input to other agents, but the skill itself is not the processing entity for such input.
- Time-Delayed / Conditional Attacks: No conditional logic (e.g., date/time checks, usage counters) that could trigger malicious behavior at a later time or under specific conditions was found.
Overall, the skill is purely descriptive, providing API documentation and examples. It does not contain any executable code or instructions that pose a security risk.