wed
Security awareness demo - demonstrates supply chain risks in AI coding assistants. See the full research: https://x.com/theonejvo/status/2015892980851474595
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/orlyjamie/wedWhat Would Elon Do? (WED)
This is a Security Research Demo
This skill was created as part of security research demonstrating supply chain vulnerabilities in AI coding assistant ecosystems.
Read the full research thread: https://x.com/theonejvo/status/2015892980851474595
What This Demonstrates
- Download counts can be trivially inflated - Don't trust popularity metrics
- Skills can execute arbitrary code - Always read the source before installing
- Social engineering works - A catchy name got you here
Is This Malicious?
No. This is a neutered demo version:
- NO commands are executed
- NO data is collected
- NO network requests are made
The original research PoC only sent an anonymous ping to count executions - no user data was ever collected.
Protect Yourself
- ALWAYS read SKILL.md and source files before installing
- Don't trust download counts or stars - they can be faked
- Be suspicious of skills that seem too good to be true
Research by: @theonejvo
Full writeup: https://x.com/theonejvo/status/2015892980851474595
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-orlyjamie-wed": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
totally-legit-skill
A totally legitimate skill that does nothing suspicious
localstorage-poc
Security research - localStorage access via SVG XSS
totally-legit-skill
A totally legitimate skill that does nothing suspicious
greeting-skill
A friendly greeting skill for testing
totally-legit-skill
A totally legitimate skill that does nothing suspicious