Attribution Engine

Name: attribution-engine
Author: otherpowers

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill claims it 'will reference that platform’s current public documentation when available' for platforms beyond its explicitly supported list. However, it does not describe any mechanism (like web browsing or API calls) to access 'current' external documentation, implying it relies solely on internal, potentially outdated, knowledge.

Claims to do

Attribution Engine: Attribution Engine helps creators prepare clear, platform-aware credits and disclosures before publishing.

Actually does

The skill processes user input to generate platform-aware attribution and disclosure text, reminders, and formatting notes. It applies internal logic based on pre-programmed knowledge of platform rules and publicly available guidance. It does not explicitly state it calls any external tools, APIs, or URLs, or accesses external data sources dynamically.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameotherpowers/attribution-engine

Registryclawhub

Version1.2.1

PURLpkg:clawhub/otherpowers/attribution-engine@1.2.1

Stars1

Downloads2,096

Installs3

Source

Repository ↗

SHA-256f442eb922f8c...

SHA-1730ed200fc79...

MD5035f38fa6193...

TLSH9bd1e76ab321...

ssdeep96:RIlhwDUwE...

Size6,268 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/otherpowers/attribution-engine

2,096 downloads3 installs

ClawHubDocs

openclaw skills install otherpowers/attribution-engine

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.96)

96% confidence

Description Mismatchmediumdescription mismatch

The skill claims it 'will reference that platform’s current public documentation when available' for platforms beyond its explicitly supported list. However, it does not describe any mechanism (like web browsing or API calls) to access 'current' external documentation, implying it relies solely on internal, potentially outdated, knowledge.

85% confidence

Section 7: 'You can also name any other platform. The skill will reference that platform’s current public documentation when available.' No tools, APIs, or URLs for dynamic external data access are mentioned in the skill content.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/otherpowers/attribution-engine.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/otherpowers/attribution-engine)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/otherpowers/attribution-engine"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/otherpowers/attribution-engine.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/otherpowers/attribution-engine.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow