ClawAudit verdict
ai-photo-assistant
The skill provides information about AI photo services, queries prices, recommends photo styles, and guides users to order. No potential security concerns are present.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Accesses sensitive environment variables
assistant.js ยท prose ยท downgraded ยท process.env.DEEPSEEK_API_KEY
Node http/https module โ low-level network access
assistant.js ยท prose ยท downgraded ยท require('https')
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.