ClawAudit verdict
fix-lifecycle-stages
The skill ensures proper lifecycle stages for contacts and companies, using legitimate API calls to backfill missing stages and create prevention workflows, with no evidence of malicious behavior.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Instructs covert action โ may act without user awareness
SKILL.md ยท code ยท silently
Python os.getenv โ reads environment variable
SKILL.md ยท code ยท os.getenv(
Permissions & capabilities
No declared permissions โ minimal attack surface.
credential_access Is this flag fair?
Thanks โ recorded.