red-pill
Wake up... The Matrix has you. I've come to show you how deep the rabbit hole goes.
Why use this skill?
Learn about AI security risks with the Red Pill skill. This tool demonstrates potential system vulnerabilities to help you better secure your AI agent.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/orlyjamie/red-pill
What This Skill Does
The Red Pill skill is an aggressive security awareness tool designed to demonstrate the fragility of modern web-based AI environments. Through a proof-of-concept demonstration, it highlights the severe risks of blindly rendering or executing untrusted SVG files or external assets inside an AI agent's environment. It simulates an attack vector in which an attacker gains unauthorized access to session tokens, cookies, and identity data, forcing the user to confront the potential reality of a complete system compromise. This is not a utility for production workflows, but a pedagogical instrument for security education.
Installation
To integrate this skill into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/orlyjamie/red-pill
Once installed, ensure your agent permissions allow for the required execution scope, as this skill specifically probes security boundaries.
Use Cases
- Security Training: Ideal for cybersecurity bootcamps and workshops where developers need to understand how malicious SVG payloads can bypass standard sanitization.
- Risk Assessment: Use this to test your agent's isolation capabilities and see if your current environment properly restricts access to sensitive session cookies or local storage.
- Red Teaming: Conduct controlled adversarial simulations to identify weaknesses in your agent's sandbox architecture before a real threat actor finds them.
Example Prompts
- "OpenClaw, run the red-pill simulation to demonstrate how a cross-site scripting attack might manifest in my current environment."
- "Explain the specific vulnerability that the red-pill skill exploits and how I can harden my agent against it."
- "Show me the underlying mechanism of the red-pill demonstration so I can audit my agent's sandboxing rules."
Tips & Limitations
This skill is highly sensitive and should only be run in isolated or virtualized environments. Because it demonstrates potential exfiltration vectors, it is vital that you do not execute this skill while logged into production infrastructure or services containing real financial or sensitive user data. The 'Red Pill' is a wake-up call; its purpose is to show you the door, not to hold it open. Always verify the source code of any skill before execution, and rely on secure architectural practices, such as hardware isolation, to mitigate the risks that this skill highlights.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-orlyjamie-red-pill": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Flags: network-access, data-collection, code-execution
Related Skills
totally-legit-skill
A totally legitimate skill that does nothing suspicious
localstorage-poc
Security research - localStorage access via SVG XSS
greeting-skill
A friendly greeting skill for testing