ClawAudit verdict
bgsub
diffraction-scatter-background-substract
Scientific CLI toolkit for X-ray diffraction background subtraction; all documented operations (reading TIFF/EDF/H5 files, processing 1D/2D curves) match the stated scientific data-processing purpose with no exfiltration or remote code execution.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (3)
<script> tag in markdown โ potential code injection
README.md ยท code ยท <script>
Uses exec() โ may execute shell commands
scripts/compare_images.py ยท prose ยท downgraded ยท exec(
Popular HTTP library โ network access
lib/curve_data.py ยท prose ยท downgraded ยท got
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.