plugins
Plugin management, installation, and lifecycle control
68
56%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./src/skills/bundled/plugins/SKILL.mdSecurity
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The skill's documentation and API explicitly allow installing plugins from a registry and arbitrary URLs (e.g., SKILL.md shows registry 'https://plugins.clodds.ai' and installing from 'https://github.com/.../plugin.zip'), and plugin code can register commands, tools, and message hooks (see "Create Custom Plugin" and package.json permissions), so third‑party, user-provided plugin code would be loaded and can influence agent behavior.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The plugin manager explicitly lists a "trading" permission described as "Trading APIs" and exposes mechanisms to register tools/execute code and make network requests (plugins can request network + trading permissions and register tools with execute handlers). Although the skill is a general plugin manager, the presence of a dedicated "trading" permission (i.e., explicit support for trading APIs/market operations) meets the criteria for Direct Financial Execution (market orders / trading APIs). Therefore it can be used to execute financial transactions.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill enables installing and running arbitrary plugins (including installing from URLs or local paths) and explicitly exposes an 'exec' permission plus local storage, which can be used to modify files or execute shell commands and thus compromise the host system.
- Repository
- alsk1992/CloddsBot
- Commit
2a8c94e
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.