ClawAudit verdict
cloudflare-workers
Accesses credentials AND makes external network calls
Comprehensive Cloudflare Workers development guide covering deployment workflows, bindings, and tooling; credential access is for the user's own Cloudflare API token used legitimately for deployment.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Permission integrity
network_out
credential_access
package_install
Findings (6)
Possible hardcoded credential
SKILL.md · code · API_KEY = "development-key
Uses exec() — may execute shell commands
references/bindings-complete-guide.md · code · exec(
Opens WebSocket connection
references/advanced-features.md · code · websocket
Base64 encode (btoa) — may obfuscate data exfiltration
references/development-patterns.md · code · btoa(
String.fromCharCode — can build strings to evade detection
references/development-patterns.md · code · String.fromCharCode
Makes HTTP request to external URL
references/advanced-features.md · code · fetch(`https://
Permissions & capabilities
Requires 1 system binary.
package_install
network_out
network_in
credential_access