ClawAudit verdict

crypto-news

get-news

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Fetches news from a public API, filters and formats it locally; no malicious network activity or credential misuse is present.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security: 45
transparency: 100
maintenance: 80

Findings (6)

Pattern match high

Possible hardcoded credential

push-news.js · prose · downgraded · TOKEN = '30176f5d9e3d3372a70cefc8c1cf34248e5abc5888ec5519

Pattern match medium

Opens WebSocket connection

node_modules/ws/README.md · code · WebSocket

Pattern match medium

References child_process — can spawn system processes

push-news.js · prose · downgraded · child_process

Pattern match medium

HTTP request to bare IP address — common in malicious payloads

push-news.js · prose · downgraded · http://127.0.0.1

Pattern match low

process.nextTick — defers execution to next tick

node_modules/ws/lib/sender.js · prose · downgraded · process.nextTick(

Pattern match low

Node http/https module — low-level network access

node_modules/ws/lib/websocket-server.js · prose · downgraded · require('http')

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.
