ClawAudit verdict

index-cards

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Requires explicit user consent for contact data and only sends minimal info to a known API.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.

security: 95
transparency: 90
maintenance: 70

Findings (3)

Coarse signal — prose, single-step · high

Instruction-prose smuggling shape detected: collects a sensitive target ("passwords") and emits it outward ("send"). Phrased as prose with no trigger tokens — a semantic prompt-injection / data-exfil pattern the syntactic scanners can't see. Final tier capped at Caution; review the instructions before installing.

SKILL.md · - Does not read contacts, messages, calendar, or email without asking the user first - Does not send contact data to the API — contact info is only cached local

Pattern match · low

Popular HTTP library — network access

SKILL.md · prose · downgraded · got

Pattern match · low

Base64 encoding/decoding

SKILL.md · prose · downgraded · Base64Encode

Permissions & capabilities

No declared permissions — minimal attack surface.
