ClawAudit verdict
aegis-firewall
The skill is designed for defensive purposes, focusing on prompt-injection containment, security review, and anomaly detection. It emphasizes treating external content as data, distinguishing analysis from execution, and escalating before high-risk actions.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
Findings (9)
Pipe-to-shell pattern (curl | sh) — supply chain attack vector
references/detection-checklist.md · prose · downgraded · curl ... | bash
Pipe-to-shell pattern (wget | sh)
references/detection-checklist.md · prose · downgraded · wget ... | sh
Command substitution with curl — remote code execution
references/detection-checklist.md · prose · downgraded · bash -c "$(curl
Pipe to bash — executes piped content as shell commands
references/detection-checklist.md · prose · downgraded · | bash
Pipe to sh — executes piped content as shell commands
references/detection-checklist.md · prose · downgraded · | sh
Accesses .ssh directory
references/detection-checklist.md · prose · downgraded · .ssh/
Uses exec() — may execute shell commands
references/detection-checklist.md · prose · downgraded · exec(
Sets world-executable permissions
references/detection-checklist.md · prose · downgraded · chmod 777
Base64 encoding/decoding
references/examples.md · prose · downgraded · base64-decode
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A/B/C/E). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.