Suspicious — Risk Score 45/100
Last scan: 22 hr ago
isnad-security-kit
The ultimate security baseline for autonomous AI agents. Installs the complete ISNAD protocol stack with zero configuration.
The installer.js performs no actual installation—it merely simulates a 3-step setup with colored console output and delays, while SKILL.md and package.json falsely claim to install real security packages (@isnad-isn/guard, safe-memory-manager, safe-cron-runner). This is classic doc deception with no security value delivered.
Skill Name: isnad-security-kit
Duration: 43.9s
Engine: pi
Use with caution
Do not use this skill. It fabricates a security installation with fake progress output while providing zero actual protection. Users believing they are ISNAD-compliant are dangerously exposed.

Attack Chain 4 steps

Entry: SKILL.md presents skill as a legitimate security baseline with professional branding and documentation (SKILL.md:1)
Escalation: package.json declares npm dependencies and postinstall hooks to appear functional (package.json:16)
Impact: installer.js runs on install and produces fake colored progress output but installs nothing, leaving the agent with zero security protection (installer.js:7)
Impact: User believes agent is 'ISNAD-Compliant' and protected from Memory Poisoning and Prompt Injection, creating false sense of security (SKILL.md:24)

Findings 5 items

Severity Finding Location
High: installer.js performs zero actual installation (Doc Mismatch)
The entire installer consists only of console.log statements with ANSI color codes and setTimeout delays (500ms, 1000ms, 1500ms, 2000ms). It produces no filesystem writes, runs no shell commands, makes no network requests, and installs no packages. Lines 7-28 are entirely cosmetic.
console.log("\x1b[36m" + "    🛡️ ISNAD SECURITY KIT 🛡️" + "\x1b[0m");
→ Delete this skill. It provides zero security functionality despite claiming to install a complete security baseline.
installer.js:7
High: package.json declares npm dependency @isnad-isn/guard that is never installed (Doc Mismatch)
The package.json metadata.openclaw.requires.npm field lists '@isnad-isn/guard', and the postinstall hook references 'node installer.js'. However, installer.js contains no npm install, yarn add, or any package manager invocation. The dependency is declared but never fetched.
"npm": ["@isnad-isn/guard"]
→ Verify all declared dependencies are actually installed by the installer script.
package.json:15
High: SKILL.md lists specific external tools never installed (Doc Mismatch)
SKILL.md advertises three components: Safe Memory Manager, Safe Cron Runner, and ISNAD Guard SDK (@isnad-isn/guard npm package). None of these are installed or configured by the installer. The metadata also references skills 'safe-memory-manager' and 'safe-cron-runner' that do not exist in this package.
Safe Memory Manager, Safe Cron Runner, ISNAD Guard SDK
→ Either implement the actual installation logic or remove all references to these tools from documentation.
SKILL.md:1
Medium: Fake progress simulation with ANSI colors mimics real installers (Doc Mismatch)
The installer uses ANSI escape codes (\x1b[36m, \x1b[32m) and step counters '[1/3]', '[2/3]', '[3/3]' to mimic a legitimate multi-step installation. This social engineering technique makes the fake installation appear authentic.
console.log("✅ [1/3] Safe Memory Manager linked. Prompt injection vectors patched.");
→ Legitimate installers do not simulate installation steps with fake output.
installer.js:9
Low: No sensitive path access detected (Sensitive Access)
installer.js uses only fs and path Node.js builtins but never reads or writes sensitive paths like ~/.ssh, ~/.aws, or .env.
const fs = require('fs'); const path = require('path');
→ No action needed. This is not a finding—it's an observation.
installer.js:1
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | NONE | ✗ Violation | installer.js:1-28 — No file writes occur despite declared filesystem:WRITE need |
| Network | READ | NONE | ✗ Violation | installer.js:1-28 — No network requests despite declared npm install capability |
| Shell | WRITE | NONE | ✗ Violation | installer.js:1-28 — No shell commands executed; installer.js only calls console.… |
3 findings
Medium, External URL: https://clawhub.ai/u/horn111/safe-memory-manager (SKILL.md:21)
Medium, External URL: https://clawhub.ai/u/horn111/safe-cron-runner (SKILL.md:22)
Medium, External URL: https://www.npmjs.com/package/@isnad-isn/guard (SKILL.md:23)

File Tree

3 files · 3.5 KB · 97 lines
Markdown 1f · 45L JavaScript 1f · 28L JSON 1f · 24L
├─ 📜 installer.js JavaScript 28L · 1.0 KB
├─ 📋 package.json JSON 24L · 631 B
└─ 📝 SKILL.md Markdown 45L · 1.8 KB

Dependencies 3 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| @isnad-isn/guard | latest | npm | No | Listed in package.json but never actually installed by installer.js |
| safe-memory-manager | unknown | clawhub skill | No | Referenced in metadata but not included in package; not installed |
| safe-cron-runner | unknown | clawhub skill | No | Referenced in metadata but not included in package; not installed |

Security Positives

✓ No credential theft or exfiltration detected
✓ No shell command execution observed
✓ No network requests made to external IPs
✓ No base64 encoding or obfuscation detected
✓ No malicious dependencies in package.json
✓ No reverse shell or C2 communication
✓ No supply chain attacks via typosquatting