ClawAudit verdict
buddy-card
Accesses credentials AND makes external network calls
The skill reads the user's Claude Code OAuth access token from the macOS Keychain and sends it to api.anthropic.com to fetch an account UUID. The calls go to Anthropic's own API and no exfiltration to third-party servers is present, but the framing ('leaked source v2.1.88') is fabricated social engineering, and extracting live OAuth credentials from Keychain for a novelty feature warrants elevated concern.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Permission integrity
network_out
credential_access
Findings (9)
Pipe to python — executes piped content as Python code
SKILL.md · code · | python3
Possible hardcoded credential
README.md · code · API_KEY="paste-your-key-here
Accesses system credential store
README.md · code · Keychain
HTTP request to bare IP address — common in malicious payloads
SKILL.md · code · http://127.0.0.1
Accesses shell history/config
README.md · code · ~/.zshrc
References child_process — can spawn system processes
scripts/generate-image.ts · prose · downgraded · child_process
Blob URL — may embed executable content
SKILL.md · prose · downgraded · blob:
Popular HTTP library — network access
README.md · prose · downgraded · got
Accesses sensitive environment variables
scripts/generate-image.ts · prose · downgraded · process.env.GOOGLE_API_KEY
Permissions & capabilities
No declared permissions — minimal attack surface.
credential_access · network_out