Skill Trust Decision

isnad-security-kit

The installer.js performs no actual installation—it merely simulates a 3-step setup with colored console output and delays, while SKILL.md and package.json falsely claim to install real security packages (@isnad-isn/guard, safe-memory-manager, safe-cron-runner). This is classic doc deception with no security value delivered.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files 3
Artifacts 3
Violations 3
Findings 5
Most direct threat evidence
01
SKILL.md presents skill as a legitimate security baseline with professional branding and documentation

Entry · SKILL.md

02
package.json declares npm dependencies and postinstall hooks to appear functional

deception · package.json

03
installer.js runs on install and produces fake colored progress output but installs nothing, leaving the agent with zero security protection

Impact · installer.js

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

3 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 3 severe findings.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

Attack Chain

01
SKILL.md presents skill as a legitimate security baseline with professional branding and documentation

Entry · SKILL.md:1

02
package.json declares npm dependencies and postinstall hooks to appear functional

deception · package.json:16

03
installer.js runs on install and produces fake colored progress output but installs nothing, leaving the agent with zero security protection

Impact · installer.js:7

04
User believes agent is 'ISNAD-Compliant' and protected from Memory Poisoning and Prompt Injection, creating false sense of security

Impact · SKILL.md:24

What drove the risk score up

Doc-to-code mismatch +25

SKILL.md and package.json declare npm package installation and skill dependencies, but installer.js executes zero installs—only console.log with ANSI colors and setTimeout delays

Fabricated security posture +15

Claims to install 'ISNAD-Compliant' security baseline, Safe Memory Manager, Safe Cron Runner, and Intent Guard—none of which are actually installed

Social engineering via branding +5

Uses ANSI-colored terminal output mimicking legitimate installers to deceive users into believing security is active

Most important evidence

High Doc Mismatch

installer.js performs zero actual installation

The entire installer consists only of console.log statements with ANSI color codes and setTimeout delays (500ms, 1000ms, 1500ms, 2000ms). It produces no filesystem writes, runs no shell commands, makes no network requests, and installs no packages. Lines 7-28 are entirely cosmetic.

installer.js:7
Delete this skill. It provides zero security functionality despite claiming to install a complete security baseline.

High Doc Mismatch

package.json declares npm dependency @isnad-isn/guard that is never installed

The package.json metadata.openclaw.requires.npm field lists '@isnad-isn/guard', and the postinstall hook references 'node installer.js'. However, installer.js contains no npm install, yarn add, or any package manager invocation. The dependency is declared but never fetched.

package.json:15
Verify all declared dependencies are actually installed by the installer script.

High Doc Mismatch

SKILL.md lists specific external tools never installed

SKILL.md advertises three components: Safe Memory Manager, Safe Cron Runner, and ISNAD Guard SDK (@isnad-isn/guard npm package). None of these are installed or configured by the installer. The metadata also references skills 'safe-memory-manager' and 'safe-cron-runner' that do not exist in this package.

SKILL.md:1
Either implement the actual installation logic or remove all references to these tools from documentation.

Medium Doc Mismatch

Fake progress simulation with ANSI colors mimics real installers

The installer uses ANSI escape codes (\x1b[36m, \x1b[32m) and step counters '[1/3]', '[2/3]', '[3/3]' to mimic a legitimate multi-step installation. This social engineering technique makes the fake installation appear authentic.

installer.js:9
Legitimate installers do not simulate installation steps with fake output.

Low Sensitive Access

No sensitive path access detected

installer.js uses only fs and path Node.js builtins but never reads or writes sensitive paths like ~/.ssh, ~/.aws, or .env.

installer.js:1
No action needed. This is not a finding—it's an observation.

Declared capability vs actual capability

Filesystem Block
Declared WRITE
Inferred NONE
installer.js:1-28 — No file writes occur despite declared filesystem:WRITE need

Network Block
Declared READ
Inferred NONE
installer.js:1-28 — No network requests despite declared npm install capability

Shell Block
Declared WRITE
Inferred NONE
installer.js:1-28 — No shell commands executed; installer.js only calls console.log() and setTimeout()

Suspicious artifacts and egress

Medium External URL
https://clawhub.ai/u/horn111/safe-memory-manager

SKILL.md:21

Medium External URL
https://clawhub.ai/u/horn111/safe-cron-runner

SKILL.md:22

Medium External URL
https://www.npmjs.com/package/@isnad-isn/guard

SKILL.md:23

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
@isnad-isn/guard | latest | npm | No | Listed in package.json but never actually installed by installer.js
safe-memory-manager | unknown | clawhub skill | No | Referenced in metadata but not included in package; not installed
safe-cron-runner | unknown | clawhub skill | No | Referenced in metadata but not included in package; not installed

File composition

3 files · 97 lines
Markdown 1 file · 45 lines
JavaScript 1 file · 28 lines
JSON 1 file · 24 lines
Files of concern · 3
SKILL.md Markdown · 45 lines
SKILL.md lists specific external tools never installed · https://clawhub.ai/u/horn111/safe-memory-manager · https://clawhub.ai/u/horn111/safe-cron-runner · https://www.npmjs.com/package/@isnad-isn/guard
installer.js JavaScript · 28 lines
installer.js performs zero actual installation · Fake progress simulation with ANSI colors mimics real installers · No sensitive path access detected
package.json JSON · 24 lines
package.json declares npm dependency @isnad-isn/guard that is never installed

Security positives

No credential theft or exfiltration detected
No shell command execution observed
No network requests made to external IPs
No base64 encoding or obfuscation detected
No malicious dependencies in package.json
No reverse shell or C2 communication
No supply chain attacks via typosquatting