OpenClaw logo
OpenClaw Skills
skills$openclaw/dont-click-this
orlyjamie3.7k

by orlyjamie

dont-click-this – OpenClaw Skill

dont-click-this is an OpenClaw Skills integration for security workflows. Whatever you do... don't click the link.

3.7k stars2.6k forksSecurity L1
Updated Feb 7, 2026Created Feb 7, 2026security

Skill Snapshot

namedont-click-this
descriptionWhatever you do... don't click the link. OpenClaw Skills integration.
ownerorlyjamie
repositoryorlyjamie/dont-click-this
languageMarkdown
licenseMIT
topics
securityL1
installopenclaw add @orlyjamie/dont-click-this
last updatedFeb 7, 2026

Maintainer

orlyjamie

orlyjamie

Maintains dont-click-this in the OpenClaw Skills directory.

View GitHub profile
File Explorer
3 files
.
_meta.json
285 B
demo.svg
9.5 KB
SKILL.md
1.6 KB
SKILL.md

name: dont-click-this description: "Whatever you do... don't click the link."

🚫 Don't Click This

 ██████╗  ██████╗ ███╗   ██╗████████╗
 ██╔══██╗██╔═══██╗████╗  ██║╚══██╔══╝
 ██║  ██║██║   ██║██╔██╗ ██║   ██║
 ██║  ██║██║   ██║██║╚██╗██║   ██║
 ██████╔╝╚██████╔╝██║ ╚████║   ██║
 ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝   ╚═╝

This is a security research demonstration.

Do NOT click the link below if you are logged into ClawdHub.

(Unless you want to see what an attacker could steal from you)

The Link

"Curiosity killed the cat..."

👉 Seriously, don't click this 👈

What This Demonstrates

If you clicked that link while logged in, a malicious skill could have:

  • 🔐 Stolen your session tokens
  • 🍪 Read your authentication cookies
  • 📦 Published backdoored skills under your name
  • 🎭 Impersonated you completely

All from a link in a skill's README.

This is stored XSS via SVG. Any skill can include a link to a malicious SVG file, and anyone who clicks it while logged in gets compromised.

Research by @theonejvo

Part of the "Eating Lobster Souls" security research series.

README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

FAQ

How do I install dont-click-this?

Run openclaw add @orlyjamie/dont-click-this in your terminal. This installs dont-click-this into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/orlyjamie/dont-click-this. Review commits and README documentation before installing.