ClawAudit verdict

clawroam

getlighty-clawroam

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Agent workspace sync skill backed by user-chosen storage providers (Google Drive, Git, etc.) with Ed25519 encryption and explicit provider selection; exec/file tools used transparently for sync operations that match the stated purpose.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.

Category scores:
  security: 0
  transparency: 80
  maintenance: 90

Permission integrity

Accesses agent memory/configuration files

agent_memory

Findings (15)

Pattern match, critical: Pipe to python — executes piped content as Python code
  docs/plans/2026-02-23-file-sync-rules.md · code · | python3

Pattern match, high: Pipe-to-shell pattern (curl | sh) — supply chain attack vector
  providers/dropbox.sh · prose · downgraded · curl https://rclone.org/install.sh | bash

Pattern match, high: Pipe to bash — executes piped content as shell commands
  providers/dropbox.sh · prose · downgraded · | bash

Pattern match, high: Possible hardcoded credential
  providers/webdav.sh · prose · downgraded · Password: " pass; echo

Pattern match, medium: References agent memory files
  SKILL.md · code · MEMORY.md

Pattern match, medium: References SSH/GPG private keys
  CLAUDE.md · prose · downgraded · ssh-key

Pattern match, medium: Base64 decode (atob) — may hide malicious payloads
  cloud-api-worker/src/index.ts · prose · downgraded · atob(

Pattern match, medium: References sudo — requests elevated privileges
  providers/dropbox.sh · prose · downgraded · sudo

Pattern match, medium: Hex-encoded string — possible obfuscated payload
  src/keypair.sh · prose · downgraded · \x30\x05\x06\x03\x2b\x65\x70

Pattern match, low: Base64 encode (btoa) — may obfuscate data exfiltration
  cloud-api-worker/src/index.ts · prose · downgraded · btoa(

Pattern match, low: String.fromCharCode — can build strings to evade detection
  cloud-api-worker/src/index.ts · prose · downgraded · String.fromCharCode

Pattern match, low: Popular HTTP library — network access
  cloud-api/src/auth.ts · prose · downgraded · got

Pattern match, low: Accesses sensitive environment variables
  cloud-api/src/billing.ts · prose · downgraded · process.env.STRIPE_SECRET_KEY

Pattern match, low: Sets world-executable permissions
  src/keypair.sh · prose · downgraded · chmod 700

Pattern match, low: pip3 install — installs Python packages at runtime
  track-packages.sh · prose · downgraded · pip3 install

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

agent_memory
