ClawAudit verdict
food-label-compliance-risks
Food label compliance review skill that processes uploaded images/PDFs locally using AI models, generates reports, and reads reference documents — no network exfiltration, no credential access, behavior matches stated purpose.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (1)
<script> tag in markdown — potential code injection
references/html-template.md · code · <script>
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.