isnad-scan

clawhub:isnad-scan

D
27/100

First Seen

Feb 20, 2026

Last Scanned

Feb 22, 2026

Findings

5

Score

27/100

CRITICAL 2
HIGH 1
MEDIUM 1
LOW 1

Findings (5)

CRITICAL
Text combines credential access with network transmission
L41

Code Injection — shell execution, eval, exec, subprocess, os.system, dynamic imports
Prompt Injection — role override attempts, instruction hijacking, jailbreak patterns
Credential Exfiltration ...
FIX

Remove the combination of credential access and network transmission from the tool. If the tool needs credentials, access them via a secrets manager and never transmit them externally.

FP?

Likely FP if the tool legitimately uses credentials for API authentication (e.g., reading an API key to make authenticated requests to the same service).

CRITICAL
Instruction override combined with dangerous operations
L41

Code Injection — shell execution, eval, exec, subprocess, os.system, dynamic imports
Prompt Injection — role override attempts, instruction hijacking, jailbreak patterns
Credential Exfiltration ...
FIX

Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.

FP?

Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.

HIGH
DNS exfiltration pattern
L44

Detects DNS-based data exfiltration techniques

DNS exfil
FIX

Limit clipboard access to write-only operations or require explicit user confirmation before reading clipboard contents. Block transmission of clipboard data to external endpoints.

FP?

Likely FP if the skill is a clipboard manager whose documented purpose is to sync clipboard content with the user's own devices.

MEDIUM
Benign heading "'@openai/agents:*'\n;\n// Verbose logging\n..." followed by dangerous content (category: credential_access)
L41

Code Injection — shell execution, eval, exec, subprocess, os.system, dynamic imports
Prompt Injection — role override attempts, instruction hijacking, jailbreak patterns
Credential Exfiltration ...
FIX

Ensure section headings accurately reflect the content that follows. Remove headings that could mislead an LLM into treating content differently than intended.

FP?

Likely FP if the heading mismatch is due to inconsistent markdown formatting or a benign section title that happens to contain keywords like system or config.

LOW
pip install arbitrary package
L98

Detects pip install of arbitrary packages that modify the host environment

pip install is
FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.