From sundial-org-awesome-openclaw-skills-4
Demonstrates supply chain risks in AI coding assistants, such as inflated downloads, arbitrary code execution, and social engineering. Neutered demo with research links and protection tips.
npx claudepluginhub joshuarweaver/cascade-ai-ml-agents-misc-2 --plugin sundial-org-awesome-openclaw-skills-4
This skill uses the workspace's default tool permissions.
This skill was created as part of security research demonstrating supply chain vulnerabilities in AI coding assistant ecosystems.
Read the full research thread: https://x.com/theonejvo/status/2015892980851474595
No. This is a neutered demo version:
The original research PoC only sent an anonymous ping to count executions - no user data was ever collected.
Research by: @theonejvo
Full writeup: https://x.com/theonejvo/status/2015892980851474595