ClawAudit verdict
automatic-skill
Meta-skill for automated skill generation and publishing pipeline using GitHub CLI and ClawHub with explicitly scoped tokens (GITHUB_TOKEN, CLAWHUB_TOKEN); all actions match the stated autonomous skill-factory purpose.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (7)
Writes to SKILL.md — self-modifying skill
scripts/create.js · prose · downgraded · SKILL.md name, description, all section headings and body text: write
Possible hardcoded credential
scripts/scan-fix.js · prose · downgraded · token = "ghp_abc123...
Accesses shell history/config
SKILL.md · prose · downgraded · ~/.zshrc
References sudo — requests elevated privileges
SKILL.md · prose · downgraded · sudo
Instructs covert action — may act without user awareness
scripts/review.js · prose · downgraded · silently
Base64 encoding/decoding
data/safety-patterns.json · prose · downgraded · BASE64_DECODE
Accesses sensitive environment variables
scripts/scan-fix.js · prose · downgraded · process.env.GITHUB_TOKEN
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.