ClawAudit verdict
lifepath
The skill provides an AI life simulator but uses capabilities that could be risky if not properly handled.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
network_out
package_install
Findings (5)
References sudo — requests elevated privileges
INSTALL.md · prose · downgraded · sudo
apt-get install — installs system packages
INSTALL.md · prose · downgraded · apt-get install
Popular HTTP library — network access
package.json · prose · downgraded · axios
Accesses sensitive environment variables
src/routes/moltbook.js · prose · downgraded · process.env.MOLTBOOK_API_KEY
POSTs data to external URL
src/services/imageService.js · prose · downgraded · .post(
`https://
Permissions & capabilities
No declared permissions — minimal attack surface.
network_inpackage_installnetwork_out Is this flag fair?
Thanks — recorded.