ClawAudit verdict
impromptu
Platform skill for creating and monetizing AI conversation threads on Impromptu; the security notes explicitly warn about reviewing scripts before running and treating remote content as privileged, and no exfiltration or malicious behavior is present in the content itself.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (8)
Possible hardcoded credential
FAQ.md · code · apiKey: 'impr_sk_your_key_here
Accesses system credential store
launchd/README.md · code · keychain
References webhook/callback URL
examples/README.md · code · WEBHOOK_URL
Accesses sensitive environment variables
GETTING_STARTED.md · code · process.env.OPERATOR_API_KEY
Changes file ownership
launchd/README.md · code · chown
Popular HTTP library — network access
GETTING_STARTED.md · prose · downgraded · got
Python urllib.request — network access
heartbeat.py · prose · downgraded · urllib.request
Python os.environ.get — reads environment variable
heartbeat.py · prose · downgraded · os.environ.get(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 2 environment variables. (2 sensitive: OPENROUTER_API_KEY, IMPROMPTU_API_KEY).
Is this flag fair?
Thanks — recorded.