Safety Report

Dont Hack Me

Name: Dont Hack Me
Rating: 5 (26 reviews)
Author: peterokase42

別駭我！基本安全檢測 — Security self-check for Clawdbot/Moltbot. Run a quick audit of your clawdbot.json to catch dangerous misconfigurations — exposed gateway, missing auth, open DM policy, weak tokens, loose file permissions. Auto-fix included. Invoke: "run a security check" or "幫我做安全檢查".

4,148Downloads

23Installs

26Stars

2Versions

API Integration4,971 File Management2,100 Security & Compliance1,716 Design & Prototyping842

Security Analysis

high confidence

Clean0.08 risk

The skill's requests and instructions match its stated purpose — it reads and can modify ~/.clawdbot/clawdbot.json to audit and fix security issues — but you should back up your config and review any automatic fixes before accepting them.

Feb 11, 20261 files2 concerns

Purpose & Capabilityok

Name/description claim a local config audit + auto-fix for Clawdbot/Moltbot; SKILL.md only reads ~/.clawdbot/clawdbot.json, checks specific keys, reports, and offers edits. No unrelated credentials, binaries, or external services are requested.

Instruction Scopenote

Instructions explicitly require reading the config file, running a stat command to get permissions, scanning JSON keys, and writing edits back to ~/.clawdbot/clawdbot.json. Those actions are expected for a config-audit/fixer, but they are powerful (can modify your agent config). The token-generation step is underspecified (how to generate/store the token), so review generated tokens if you accept fixes.

Install Mechanismok

No install spec and no code files — instruction-only skill. This has the lowest install risk (nothing is downloaded or written by an installer).

Credentialsok

No environment variables, credentials, or config paths beyond the single expected path (~/.clawdbot/clawdbot.json) are requested. The scope of access aligns with the stated task.

Persistence & Privilegenote

always:false and user-invocable — good. The skill will edit the user's config when the user consents; that is appropriate for a fixer but is a privileged operation. Also note the platform permits autonomous invocation by default; an autonomous agent could accept fixes unless you restrict autonomy or the skill's invocation.

Guidance

This skill is coherent for a local Clawdbot config auditor/fixer, but it will read and can modify ~/.clawdbot/clawdbot.json. Before installing or running it: (1) make a backup of ~/.clawdbot/clawdbot.json, (2) run the check once and review the report (do not auto-apply changes until you are comfortable), (3) if it offers to generate a gateway token, verify how it creates/stores that token and rotate it if unsure, (4) be aware that the skill asks for confirmation before fixing, but if you allow autonomous agent actions on the platform an agent could accept fixes without an explicit interactive user — disable autonomy or monitor the first run if you want full control, and (5) consider reviewing the skill's source (homepage) if you need higher assurance.

Latest Release

v1.0.1

加入中文 description「別駭我！基本安全檢測」、author 補回小安台灣、footer 補回中文標語

More by @peterokase42

Save Money

21 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @peterokase42 on ClawHub