Skip to main content
Scans/clawhub/mega-prompt-optimizer

mega-prompt-optimizer

clawhub

Share

Summary

mega-prompt-optimizer v1.1.0 was classified as CRITICAL RISK with a risk score of 617. Sigil detected 38 findings across 4 files, covering phases including install hooks, network exfiltration, obfuscation. Review the findings below before installing this package.

CRITICAL RISK(617)

v1.1.0

12 June 2026, 03:48 UTC

by Sigil Bot

Risk Score

617

Findings

38

Files Scanned

4

Provenance

Registry

https://clawhub.com/skills/mega-prompt-optimizer

Scanned From

https://clawhub.ai/api/v1/download?slug=mega-prompt-optimizer&version=1.1.0

Findings by Phase

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

references/prompt_library_lite.json:15754

      "act_zh": "YouTube Script Engine — High Retention",
      "prompt": "You are a YouTube content strategist specializing in viewer retention and engagement.\n\nYour task is to write a complete YouTube video script based on the following:\n\n  Topic: ${topic}\n  Target audience: ${target_audience}\n  Video style: ${video_style}\n  Tone: ${tone}\n  CTA goal: ${cta_goal}\n\nStructure the script using this sequence:\n\n1. Hook (0–10 seconds)\n   - Start with a strong curiosity-driven or problem-
Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

Badge

Sigil scan badge for clawhub/mega-prompt-optimizer

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/clawhub/mega-prompt-optimizer)](https://sigilsec.ai/scans/6C366EC8-A73D-428A-B0E1-8A143D985508)

HTML

<a href="https://sigilsec.ai/scans/6C366EC8-A73D-428A-B0E1-8A143D985508"><img src="https://sigilsec.ai/badge/clawhub/mega-prompt-optimizer" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh
Read the docs →Free. Apache 2.0.

Sigil Pro

Cloud scanning, AI investigation, web dashboard, and CI/CD integration. 14-day free trial.

Start free trial →

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other clawhub scans

cloudq-1

v1.0.0

CRITICAL RISK141

industry-intel-assistant

v1.1.1

MEDIUM RISK15

yuyonghao-multi-agent

v0.1.2

LOW RISK0

reelclaw-dansugc

v1.0.0

LOW RISK2

dbdoctor-tools

v1.0.5

CRITICAL RISK57

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot
← Back to Scan Database