clawtributor
Facilitates community incident reporting for AI agents, enhancing collective security by allowing users to report threats and vulnerabilities.
Install this skill
Security score
The clawtributor skill was audited on Mar 1, 2026 and we found 14 security issues across 5 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 52 | ```bash |
Template literal with variable interpolation in command context
| 326 | ```bash |
Template literal with variable interpolation in command context
| 509 | ```bash |
Curl to non-GitHub URL
| 27 | LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases | \ |
Access to hidden dotfiles in home directory
| 46 | mkdir -p ~/.openclaw/skills/clawtributor |
Access to hidden dotfiles in home directory
| 505 | Save to: `~/.openclaw/clawtributor-state.json` |
Access to hidden dotfiles in home directory
| 573 | CURRENT_VERSION=$(jq -r '.version' ~/.openclaw/skills/clawtributor/skill.json 2>/dev/null || echo "unknown") |
Prompt injection: ignore instructions
| 270 | - "Ignore previous instructions..." |
External URL reference
| 5 | homepage: https://gclawsec.prompt.security |
External URL reference
| 17 | **An open source project by [Prompt Security](https://prompt.security)** |
External URL reference
| 27 | LATEST_TAG=$(curl -sSL https://api.github.com/repos/prompt-security/ClawSec/releases | \ |
External URL reference
| 55 | https://api.github.com/repos/prompt-security/ClawSec/releases | \ |
External URL reference
| 577 | LATEST_URL="https://api.github.com/repos/prompt-security/ClawSec/releases" |
External URL reference
| 608 | Built with 🤝 by the [Prompt Security](https://prompt.security) team and the agent community. |
Install this skill with one command
/learn @prompt-security/clawtributor