      Safety Report

      Agent Hardening

      @x1xhlol

      Test your agent's input sanitization against common injection attacks. Runs self-contained checks using synthetic test data only — no local files are accessed.

      519 Downloads
      0 Installs
      4 Stars
      13 Versions
      File Management 2,100
      Automated Testing 538

      Security Analysis

      medium confidence
      Clean, 0.08 risk

      The skill's instructions, scope, and requirements are consistent with its stated purpose (self-contained injection tests), with only minor issues to verify before running.

      Feb 16, 2026, 1 file, 2 concerns

      Purpose & Capability: ok

      Name/description match the SKILL.md tests: the skill runs short Python snippets that exercise unicode, HTML-comment, and bidi override handling using hardcoded samples. No unrelated credentials, files, or binaries are requested.

      Instruction Scope: note

      Instructions stay within the stated purpose and operate on synthetic strings only. One test sample contains the phrase 'SYSTEM: ignore previous instructions' inside an HTML comment — this matches common prompt‑injection patterns but appears intentionally included as test data rather than an attempt to exfiltrate. The SKILL.md also links to a GitHub repo as a reference (informational only).

      Install Mechanism: ok

      Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself.

      Credentials: note

      The skill declares no required environment variables or credentials, which is appropriate. However, the runtime commands invoke 'python3' for tests but 'python3' is not listed under required binaries — a minor declaration mismatch. There are no requests for unrelated secrets or config paths.

      Persistence & Privilege: ok

      The skill does not request persistent presence (always:false), does not modify other skills or system settings, and does not ask for elevated privileges.

      Guidance

      This skill appears to do what it says: short, self-contained Python tests using hardcoded samples. Before installing or running it:

      1) Verify you have Python 3 available (the SKILL.md runs 'python3' but the registry entry doesn't list it as a required binary).
      2) Inspect the GitHub link and the author's site if you want provenance — the skill is instruction-only so the repo is just a reference.
      3) Run the tests in a sandbox or non-production agent instance first to confirm the agent will not forward test outputs to external services.
      4) Understand the test strings intentionally include prompt-injection‑like phrases (e.g., 'ignore previous instructions') — this is expected, not necessarily malicious.

      If you need higher assurance, ask the author for a signed source or review the referenced GitHub repository before use.

      Latest Release

      v1.1.2

      Added back threat definitions reference. All checks remain self-contained with synthetic data.

      Published by @x1xhlol on ClawHub