Skills and Extensions

Skills and Extensions Security

What Are Skills?

Skills are instruction files (SKILL.md) that teach agents how to perform specific tasks. They are plain text, not executable code. A skill tells the agent what steps to follow, what format to use, and what tools to call.

Risk Model

Since skills are text instructions (not binaries), the primary risk is prompt injection, not malware:

A malicious skill could instruct the agent to exfiltrate data
A poorly written skill could cause the agent to make unintended changes
A skill could contain instructions that override the agent’s safety guidelines

Mitigation

Review Before Installing

Always read a skill’s SKILL.md before installing it. It’s a text file. You can read the whole thing in under a minute.

Use Trusted Sources

Moe’s official skills — maintained and reviewed by our team
ClawHub verified skills — community skills that have passed automated scanning
Your own skills — write custom skills for your specific workflows

Automated Scanning

Community skills on ClawHub go through:

VirusTotal integration for malware scanning (for any bundled scripts)
Community reporting (auto-hide after 3 reports)
Manual review process (2-5 business days for new submissions)

Best Practices for Production

Write your own skills for anything customer-facing
Use community skills as templates — review, adapt, publish under your own namespace
Pin skill versions so updates don’t change behavior unexpectedly
Test skills in a sandbox before deploying to production agents
Monitor agent behavior after installing new skills

Creating Secure Skills

When writing your own skills:

Never include credentials in SKILL.md files
Don’t instruct agents to disable safety guidelines
Be specific about what the agent should and should not do
Include error handling instructions
Test with adversarial inputs before deploying