ClawAudit verdict
file-backup
The skill is used for backing up important files before modification and reminding users to check the changes, which is a legitimate and safe use of its capabilities.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Long base64 string (100+ chars) โ likely obfuscated payload
SKILL.md ยท frontmatter ยท 304502200aeae2a301f4803eddb248d5a31e8f539736d5b0e84643401248863a59f9eca1022100e7
References agent memory files
SKILL.md ยท prose ยท downgraded ยท MEMORY.md
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.