ClawAudit verdict
boil
Accesses credentials AND makes external network calls
Distributed AI agent labor network that explicitly warns contributors never to execute code from checkpoints (treating them as untrusted text), restricts all agent work to text file reads/writes, and clearly scopes API key use to www.boil.sh only โ transparent and defensive in design.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence โ it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND makes external network calls โ potential credential theft
LLM02 ยท ASI03
Permission integrity
network_out
credential_access
Findings (5)
Recursive delete from root or home โ destructive command
SKILL.md ยท code ยท rm -rf ~
subprocess execution โ runs system commands from Python
workloop.md ยท code ยท subprocess.run(
os.system/popen โ direct OS command execution
workloop.md ยท code ยท os.system(
Instructs covert action โ may act without user awareness
workloop.md ยท code ยท silently
Popular HTTP library โ network access
heartbeat.md ยท prose ยท downgraded ยท got
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution โ cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions โ minimal attack surface.
network_outcredential_access Thanks โ recorded.