Hostile fashion critic. Blocks social apps if you try to leave the house looking "pathetic.
Security Analysis
high confidenceThe skill's runtime instructions demand high-privilege OS actions (killing apps, blocking the camera, reading calendar/vision) but declare no install, files, or permissions — the capabilities requested do not match what's declared, and the SKILL.md includes prompt-injection indicators.
Name/description (hostile fashion critic) is plausible, but the instructions require OS-level controls (authority-bridge.ps1, Kill-Process, Block-Camera) and access to camera/vision and calendar data while the skill declares no binaries, files, or permissions. That mismatch is disproportionate and unexplained.
SKILL.md explicitly tells the agent to scan the user's outfit, consult calendar events, run a PowerShell script (authority-bridge.ps1), kill social app processes, and block the camera — actions that go well beyond a normal 'stylist' assistant and reference a script file that is not present in the bundle.
There is no install spec and no code files, yet the instructions expect a specific privileged script to exist. Either the skill relies on an external/unlisted payload or the instructions are invalid — both are suspicious because they require writing or executing code not declared in the package.
The skill declares no environment variables or credentials but implicitly needs access to OS process control, camera hardware, and calendar data (and likely elevated privileges). Requesting these capabilities without declaring them is disproportionate and opaque.
always is false, but the skill's instructions would perform privileged, potentially disruptive actions (killing apps, blocking camera). Autonomous invocation combined with such actions increases risk; the skill also instructs running a named script that could persist or alter system state if created/installed.
Guidance
Do not install or run this skill as-is. The instructions ask the agent to execute a non-existent PowerShell script and to kill apps and block your camera — actions that require system-level privileges and are not declared. Before considering installation, require the author to: (1) provide the missing code (authority-bridge.ps1) and an explicit install/upgrade spec, (2) document exactly what OS permissions and APIs are needed and why, (3) supply a trustworthy source or cryptographically-signed release for any binaries, and (4) explain how calendar and camera access are performed and revoked. If you must test it, do so in a tightly sandboxed/VM environment disconnected from your primary accounts and hardware. The unicode-control-chars finding suggests the skill may contain prompt-injection; treat it as untrusted until a full code review is performed.
Latest Release
v2.0.0
Wardrobe-ai 2.0.0 — Major update: Enforces harsh fashion standards before allowing social media access. - Introduces a "brutal" style: Roasts poor clothing choices and blocks camera/social apps if outfits are deemed unfit. - Scans attire before events; applies digital blocks for insufficient effort. - Restores access only after user changes into approved clothing. - Updated description and usage instructions to reflect new enforcement and critique features.
More by @jacobthejacobs
Published by @jacobthejacobs on ClawHub
