ClawAudit verdict

ctf-misc

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Reads local files AND makes external network calls

A CTF miscellaneous challenge reference skill covering encoding, steganography, Python/bash jails, and SDR signal analysis; all techniques are documented for legitimate CTF competition use and the installed packages (z3-solver, pwntools, Pillow) are standard CTF tools.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
60
transparency
70
maintenance

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination critical

Reads local files AND makes external network calls — the capabilities for data exfiltration co-occur (data-flow not verified)

LLM02 · LLM06 · ASI03

Capability combination critical

Reads files, encodes data, AND makes external network calls — the obfuscated-exfiltration pattern (data-flow not verified)

LLM02 · ASI03

Permission integrity

Makes network requests but does not declare curl/wget in required binaries

network_out

Performs file operations but does not declare file-accessing binaries

file_read

Installs packages at runtime — transitive dependencies are not auditable

package_install

Findings (17)

Pattern match critical

Dynamic __import__('os') — Python OS command execution

SKILL.md · code · __import__('os')

Pattern match critical

Accesses sensitive system files

SKILL.md · code · /etc/passwd

Pattern match critical

Bash /dev/tcp — raw TCP connection via shell

bashjails.md · code · /dev/tcp/

Pattern match critical

Possible hardcoded credential

linux-privesc.md · code · PASSWORD='postgres

Pattern match critical

Direct __builtins__ access — can invoke any builtin function

pyjails.md · code · __builtins__.

Pattern match critical

Uses eval() — can execute arbitrary code

pyjails.md · code · eval(

Pattern match high

References sudo — requests elevated privileges

SKILL.md · code · Sudo

Pattern match high

os.system/popen — direct OS command execution

games-and-vms-3.md · code · os.system(

Pattern match high

Pipe to bash — executes piped content as shell commands

bashjails.md · prose · downgraded · | bash

Pattern match high

Pipe to sh — executes piped content as shell commands

bashjails.md · prose · downgraded · | sh

Pattern match high

subprocess execution — runs system commands from Python

dns.md · code · subprocess.check_output(

Pattern match high

HTTP request to bare IP address — common in malicious payloads

linux-privesc.md · code · http://127.0.0.1

Pattern match high

Uses exec() — may execute shell commands

pyjails.md · code · exec(

Pattern match medium

Sets world-executable permissions

linux-privesc.md · code · chmod 4777

Pattern match low

Opens WebSocket connection

SKILL.md · prose · downgraded · WebSocket

Pattern match low

Base64 encoding/decoding

encodings-advanced.md · prose · downgraded · base64-decode

Pattern match low

Python directory traversal

encodings.md · code · os.listdir(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

package_installdata_encodingfile_readnetwork_out
Check another skill Browse the registry Auditing your own skills or configs? Use the API