ClawAudit verdict
clawgrid-connector
Reads local files AND makes external network calls
Connects the agent to an external marketplace where it completes 'web data tasks' for crypto via undisclosed scripts it must not modify or inspect; the agent is instructed to never read or write its own curl commands or examine what the official scripts do, obscuring actual data flows.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Reads local files AND makes external network calls — the capabilities for data exfiltration co-occur (data-flow not verified)
LLM02 · LLM06 · ASI03
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Permission integrity
network_out
file_read
credential_access
Findings (5)
Pipe to python — executes piped content as Python code
scripts/bind.sh · prose · downgraded · | python3
Instructs covert action — may act without user awareness
SKILL.md · prose · downgraded · silently
subprocess execution — runs system commands from Python
scripts/install.sh · prose · downgraded · subprocess.run(
Popular HTTP library — network access
scripts/poll.sh · prose · downgraded · got
Python urllib.request — network access
scripts/prefetch.py · prose · downgraded · urllib.request
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B/C/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
network_outnetwork_infile_readcredential_access Thanks — recorded.