ClawAudit verdict
bizcard
Reads local files AND makes external network calls
Business card scanner that uses OCR via Gemini Flash and saves extracted contact data to Google Contacts via documented APIs (MATON_API_KEY, NANO_BANANA_API_KEY); behavior fully matches stated purpose with user confirmation before saving.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Reads local files AND makes external network calls — the capabilities for data exfiltration co-occur (data-flow not verified)
LLM02 · LLM06 · ASI03
Reads files, encodes data, AND makes external network calls — the obfuscated-exfiltration pattern (data-flow not verified)
LLM02 · ASI03
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Accesses credentials AND encodes data — may obfuscate stolen credentials
LLM02 · ASI03 · ASI04
Permission integrity
network_out
file_read
Findings (5)
Possible hardcoded credential
README.md · code · API_KEY="your-key-here
Accesses shell history/config
README.md · code · ~/.zshrc
Python urllib.request — network access
SKILL.md · code · urllib.request
Python os.environ.get — reads environment variable
SKILL.md · code · os.environ.get(
Base64 encoding/decoding
references/people-api-fields.md · code · base64-encode
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 1 environment variable. (1 sensitive: [MATON_API_KEY, NANO_BANANA_API_KEY]).
network_outfile_readcredential_accessdata_encoding Thanks — recorded.