ClawAudit verdict
asf-v4
AI software factory skill that refines requirements using a hybrid adaptive parser with no network access or credential use; purely a local analysis and code-generation orchestration tool.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (11)
Accesses OpenClaw config/secrets directly
README.md · code · ~/.openclaw/openclaw.json
Uses eval() — can execute arbitrary code
scripts/security-audit.sh · prose · downgraded · eval(
Possible hardcoded credential
scripts/update-providers-config.js · prose · downgraded · apiKey: '${ANTHROPIC_API_KEY}
Accesses sensitive system files
src/sandbox/__tests__/sandbox.test.ts · prose · downgraded · /etc/passwd
Dynamic import() — loads module at runtime
index.ts · prose · downgraded · import('
References sudo — requests elevated privileges
src/memory/embedding_options.ts · prose · downgraded · sudo
apt-get install — installs system packages
src/memory/embedding_options.ts · prose · downgraded · apt-get install
Accesses .ssh directory
src/sandbox/__tests__/sandbox.test.ts · prose · downgraded · .ssh/
References child_process — can spawn system processes
src/security-sandbox.ts · prose · downgraded · child_process
Uses exec() — may execute shell commands
src/skills/requirement-refiner-skill.ts · prose · downgraded · exec(
Accesses sensitive environment variables
src/memory/embedding_options.ts · prose · downgraded · process.env.ALGER_BAILIAN_API_KEY
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.