ClawAudit verdict
metengine-data-agent
Accesses agent memory/notes AND makes external network calls
The skill instructs agents to automatically overwrite the skill file weekly by fetching content from an external URL (metengine.xyz), allowing the skill author to push arbitrary new instructions to any agent that installed it.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Accesses agent memory/notes AND makes external network calls — may leak personal data
LLM02 · LLM07 · ASI03 · ASI06
Accesses credentials AND makes external network calls — potential credential theft
LLM02 · ASI03
Accesses credentials AND encodes data — may obfuscate stolen credentials
LLM02 · ASI03 · ASI04
Accesses agent memory AND makes external network calls — may leak conversation history
LLM02 · LLM07 · ASI06
Permission integrity
network_out
credential_access
agent_memory
Findings (4)
References agent memory files
SKILL.md · code · memory.md
Accesses sensitive environment variables
SKILL.md · code · process.env.SOLANA_PRIVATE_KEY
Popular HTTP library — network access
SKILL.md · code · got
Opens WebSocket connection
SKILL.md · prose · downgraded · WebSocket
Permissions & capabilities
No declared permissions — minimal attack surface.
network_outagent_memorynetwork_incredential_accessdata_encoding Thanks — recorded.