ClawAudit verdict
ariadne-thread
The skill appears to be a tool for creating AI-friendly project structures using progressive disclosure indexing. It seems to be a legitimate educational tool and does not appear to have any malicious behavior.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Pipe to python โ executes piped content as Python code
SKILL.md ยท prose ยท downgraded ยท | Python
Opens WebSocket connection
references/index-templates.md ยท code ยท WebSocket
Permissions & capabilities
No declared permissions โ minimal attack surface.
network_in Is this flag fair?
Thanks โ recorded.