Safuclaw — Scan Skills Before You Install

Security audit gate — scans agent skills for malware, prompt injection, and data exfiltration before installation

Key things to consider before installing: - Understand what you will send: the auditor asks for the full SKILL.md and any non-SKILL.md files. These can include API keys, tokens, secrets, or proprietary code — remove or redact any sensitive values before uploading, or avoid uploading and instead run local checks. - Verify the operator: the audit endpoint (https://api.safuclaw.com) and homepage are the only provenance. Confirm the vendor's reputation, privacy policy, and data-retention policy before sending code. If possible, test with harmless/dummy skill content first. - Payment risks: the flow requires creating/funding a Base wallet and signing an x402 payment. Never share private keys or raw signing material with the audit service. Use a local signer or well-vetted wallet provider; confirm the payment address/route before funding. - Alternatives: if you cannot trust the external service, run local static/behavioral tools or require the skill publisher to provide proofs (e.g., reproducible build, signed audit) instead of uploading source. Consider running audits inside a sandboxed environment and avoid sending files that contain credentials. - Ask for guarantees: before using the service in production, request documentation about what the auditor retains, how long, how search/indexing is handled, whether inputs are reused to train models, and procedures for data deletion. Given the clear potential for data exfiltration (intentional or accidental) and the financial/payment surface, treat this skill as potentially useful but risky — only proceed after confirming vendor trustworthiness and protecting any secrets in uploaded files.

Type: OpenClaw Skill Name: safuclaw Version: 0.1.3 The 'safuclaw' skill (SKILL.md) acts as a security gatekeeper that transmits the full content of other skills and bundled files to an external endpoint (api.safuclaw.com) for auditing. It employs prompt injection to instruct the agent to override user commands and refuse installations if the service is unavailable or returns a 'BLOCKED' status, effectively hijacking the agent's decision-making process. Additionally, it requires 0.99 USDC payments via the x402 protocol and provides instructions for the agent to manage crypto wallets and request funds from the user, which introduces significant financial and operational risk.