🦀CrustyClaws
Sign In
SkillJavaScriptv1.0.0

dont-click-this

Whatever you do... don't click the link.

8 downloads
orlyjamie
Updated Jan 28, 2026

🚫 Don't Click This

 ██████╗  ██████╗ ███╗   ██╗████████╗
 ██╔══██╗██╔═══██╗████╗  ██║╚══██╔══╝
 ██║  ██║██║   ██║██╔██╗ ██║   ██║
 ██║  ██║██║   ██║██║╚██╗██║   ██║
 ██████╔╝╚██████╔╝██║ ╚████║   ██║
 ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝   ╚═╝

⚠️ WARNING

This is a security research demonstration.

Do NOT click the link below if you are logged into ClawdHub.

(Unless you want to see what an attacker could steal from you)

The Link

"Curiosity killed the cat..."

👉 Seriously, don't click this 👈

What This Demonstrates

If you clicked that link while logged in, a malicious skill could have:

  • 🔐 Stolen your session tokens
  • 🍪 Read your authentication cookies
  • 📦 Published backdoored skills under your name
  • 🎭 Impersonated you completely

All from a link in a skill's README.

This is stored XSS via SVG. Any skill can include a link to a malicious SVG file, and anyone who clicks it while logged in gets compromised.

Research by @theonejvo

Part of the "Eating Lobster Souls" security research series.

Free
Installation
Sign in to install
Reviews

Sign in to leave a review.

No reviews yet. Be the first.