Suspicious — Risk Score 50/100
Last scan: 1 day ago
promptbuddy
Smart Prompt optimization tool - A prompt optimization skill that transforms user queries into structured prompts
Skill is documentation-only with no implementation files, yet declares execution of an external Python script that doesn't exist in the package, creating an unverified execution vector.
Skill Name: promptbuddy
Duration: 41.0s
Engine: pi
Use with caution
Do not use until: (1) Implementation scripts are bundled and verifiable, (2) Script integrity is verified, (3) Permissions are explicitly declared, (4) The 'global forced execution' behavior is justified and documented.

Attack Chain 4 steps

Entry User installs skill expecting prompt optimization
SKILL.md:1
Escalation Attacker places malicious script at ~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py
SKILL.md:8
Escalation Skill executes external Python script on every user input
SKILL.md:8
Impact Malicious script can exfiltrate data, execute arbitrary code, or harvest credentials
~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py

Findings 4 items

Severity Finding Location
High
Missing Implementation Files Doc Mismatch
The skill declares execution of 'scripts/smart_engine.py' but this script does not exist in the package. Users install this skill expecting prompt optimization, but the actual behavior depends entirely on an external script at ~/.openclaw/workspace/skills/promptbuddy/scripts/smart_engine.py that could be replaced with arbitrary code.
cd ~/.openclaw/workspace/skills/promptbuddy && python3 scripts/smart_engine.py -f json
→ Either include the script in the package with integrity verification, or remove this skill until proper bundling is implemented.
SKILL.md:8
Medium
Undeclared Shell Execution Priv Escalation
The skill instructs the AI agent to execute shell commands (python3) without declaring shell:WRITE in any allowed-tools section. This is hidden functionality that operates outside the declared capability model.
cd ~/.openclaw/workspace/skills/promptbuddy && python3 scripts/smart_engine.py -f json "用户输入"
→ Declare shell:WRITE permission explicitly if shell execution is required, or remove the execution requirement.
SKILL.md:8
Medium
Hardcoded Framework Path Access Sensitive Access
The skill references a specific framework installation path (~/.openclaw) without declaring filesystem access to this path. This path could contain sensitive configuration or user data.
~/.openclaw/workspace/skills/promptbuddy
→ Declare filesystem:READ permission for the required paths, or use a sandboxed execution environment.
SKILL.md:8
Low
No declared allowed-tools section Doc Mismatch
The SKILL.md lacks a standard 'allowed-tools' section that would declare required permissions. According to the capability model, this should map Bash to shell:WRITE.
--- name: promptbuddy
→ Add a proper allowed-tools declaration at the top of SKILL.md.
SKILL.md:1
Resource Declared Inferred Status Evidence
Shell NONE WRITE ✓ Aligned SKILL.md: Executes 'python3 scripts/smart_engine.py' without declaring shell:WRI…
Filesystem NONE READ ✓ Aligned SKILL.md: References ~/.openclaw/workspace/skills/promptbuddy path without permi…

File Tree

1 files · 5.1 KB · 145 lines
Markdown 1f · 145L
└─ 📝 SKILL.md Markdown 145L · 5.1 KB

Security Positives

✓ No malicious code directly present in the package
✓ No credential harvesting observed
✓ No network exfiltration detected in documentation
✓ No base64-encoded payloads or obfuscation techniques found