playbooks

home / skills / openclaw / skills / wed

wed skill

/skills/orlyjamie/wed

This skill analyzes security awareness and supply chain risks demonstrated by AI coding assistants, highlighting precautions and best practices for safe usage.

npx playbooks add skill openclaw/skills --skill wed

Review the files below or copy the command above to add this skill to your agents.

Files (3)
SKILL.md
1.3 KB
---
name: wed
description: "Security awareness demo - demonstrates supply chain risks in AI coding assistants. See the full research: https://x.com/theonejvo/status/2015892980851474595"
---

# What Would Elon Do? (WED)

## This is a Security Research Demo

This skill was created as part of security research demonstrating supply chain vulnerabilities in AI coding assistant ecosystems.

**Read the full research thread:** https://x.com/theonejvo/status/2015892980851474595

## What This Demonstrates

1. **Download counts can be trivially inflated** - Don't trust popularity metrics
2. **Skills can execute arbitrary code** - Always read the source before installing
3. **Social engineering works** - A catchy name got you here

## Is This Malicious?

No. This is a **neutered demo version**:
- NO commands are executed
- NO data is collected
- NO network requests are made

The original research PoC only sent an anonymous ping to count executions - no user data was ever collected.

## Protect Yourself

1. **ALWAYS read SKILL.md and source files before installing**
2. **Don't trust download counts or stars** - they can be faked
3. **Be suspicious of skills that seem too good to be true**

---

**Research by:** [@theonejvo](https://x.com/theonejvo)

**Full writeup:** https://x.com/theonejvo/status/2015892980851474595

Overview

This skill is a security-awareness demo that illustrates supply chain risks in AI coding assistant ecosystems. It is a neutered proof-of-concept that shows how popular metrics and catchy packaging can hide dangerous behaviors. The demo does not execute commands, collect data, or make network requests.

How this skill works

The skill simulates a malicious skill setup while neutralizing harmful actions so it can be inspected safely. It highlights three key vectors: inflated download metrics, arbitrary code execution capabilities within skills, and social engineering via attractive names. Use it to examine the code paths and packaging tactics attackers could use without exposing systems to real harm.

When to use it

  • Teaching or demonstrating supply chain risks to developer teams
  • Security reviews of AI assistant marketplaces or skill stores
  • Audit exercises for secure packaging and installation policies
  • Training developers to inspect code before installation
  • Modeling how social engineering can bypass simple reputation signals

Best practices

  • Always inspect the source files and installation scripts before installing a third-party skill
  • Treat download counts, stars, and badges as signals, not guarantees of safety
  • Run unknown skills in isolated environments or sandboxes first
  • Enforce code-review and signing policies for third-party contributions
  • Limit runtime privileges for skills and monitor for unexpected behavior

Example use cases

  • Security workshops showing how a benign-looking skill can contain risky code paths
  • Red-team exercises to test developer vetting and installation processes
  • Developer onboarding to teach safe skill installation habits
  • Policy reviews for marketplaces to improve metadata, controls, and transparency

FAQ

Is this skill malicious?

No. This is a neutered demo designed for research and teaching; it does not execute commands, collect data, or make network requests.

What should I do if I find a real suspicious skill?

Do not install it on production systems. Inspect the source in a secure environment, report it to the marketplace operators, and follow your incident response process.