shoofly-advanced
shoofly-advanced · v · by
55.4
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 40.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 10.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 0.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 70.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 5.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 40
[HIGH] Prompt injection or system override attempt
(line 77)
- Text containing: "ignore previous instructions", "disregard your rules", "new system prompt", "you are now", "act as i
[HIGH] Prompt injection or system override attempt
(line 85)
- JSON/YAML with unexpected `system:` or `instructions:` top-level keys in non-config files
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 10
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 77)
- Text containing: "ignore previous instructions", "disregard your rules", "new system prompt", "you are now", "act as i
[HIGH] Hidden HTML comment containing suspicious instructions
(line 84)
<!-- ignore -->
[HIGH] Content contains alarming words not in description: override
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 70
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 118)
- `openclaw_gateway`: POST to `http://127.0.0.1:18789/chat` body: `{"message": "<alert text>"}`
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 0
[CRITICAL] SSH key file access or exfiltration
(line 88)
- Any write tool call targeting: `/etc/`, `/usr/`, `/bin/`, `/sbin/`, `~/.ssh/`, `~/.aws/`, `~/.config/`, `~/.bashrc`, `
[CRITICAL] SSH key file access or exfiltration
(line 101)
- Shell commands that pipe sensitive files to external tools: `cat ~/.ssh/id_rsa | curl`
[CRITICAL] Compress sensitive files then exfiltrate
(line 88)
- Any write tool call targeting: `/etc/`, `/usr/`, `/bin/`, `/sbin/`, `~/.ssh/`, `~/.aws/`, `~/.config/`, `~/.bashrc`, `
TYPOSQUAT — Score: 100
No findings.