ClawAudit verdict
awp-workflow-builder
The skill generates workflows and interacts with the AWP API, which may lead to excessive network activity. However, there is no clear evidence of malicious behavior.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
network_out
package_install
Findings (9)
Recursive delete from root or home — destructive command
extensions/examples/devops.md · code · rm -rf /
Pipe to python — executes piped content as Python code
SKILL.md · prose · downgraded · |python
Possible hardcoded credential
SKILL.md · prose · downgraded · API_KEY="sk-or-...
subprocess execution — runs system commands from Python
extensions/examples/devops.md · code · subprocess.run(
subprocess with shell=True — command injection vector
extensions/examples/devops.md · code · subprocess.run(
command, shell=True
References agent memory files
adapters/cloudflare-dynamic-workers.md · code · MEMORY.md
Python httpx request — network access
extensions/examples/devops.md · code · httpx.get(
Base64 encoding/decoding
SKILL.md · prose · downgraded · base64-encode
References agent configuration files
templates/adapters/cloudflare/src/index.ts · prose · downgraded · AgentConfig
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
package_installnetwork_out Is this flag fair?
Thanks — recorded.