The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill uses the npx command to download and execute the clawhub package from an external registry. This pattern allows for arbitrary remote code execution at runtime from an unverified source.\n- [EXTERNAL_DOWNLOADS]: The command npx clawhub@latest install verified-agent-identity triggers network activity to fetch software packages from unverified third-party sources.\n- [COMMAND_EXECUTION]: The instruction triggers shell command execution via npx, which executes code on the local environment without prior verification of the package content.\n- [PROMPT_INJECTION]: The metadata description contains a hidden Unicode Line Separator character (U+2028). This technique is associated with steganographic prompt injection to hide instructions or evade detection by security scanners.

@1977/billions-faiar