ClawAudit verdict
micropython-skills
Writes files AND executes processes
Embedded development skill for ESP32 and Pico boards via MicroPython REPL; all operations are local hardware interactions with no network exfiltration.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Writes files AND executes processes — may drop and execute malicious scripts
LLM05 · LLM06 · ASI05
Both reads and writes files — verify scope is limited to intended directories
LLM06 · ASI02
Findings (10)
Possible hardcoded credential
references/esp32.md · code · password="12345678
Uses exec() — may execute shell commands
SKILL.md · code · exec(
Instructs covert action — may act without user awareness
SKILL.md · prose · downgraded · silently
References sudo — requests elevated privileges
SKILL.md · prose · downgraded · sudo
Opens WebSocket connection
skills/network/SKILL.md · frontmatter · WebSocket
Blob URL — may embed executable content
references/esp32.md · code · blob:
subprocess execution — runs system commands from Python
scripts/device_probe.py · prose · downgraded · subprocess.run(
POSTs data to external URL
skills/network/SKILL.md · code · .post(
"http://
Python urllib.request — network access
scripts/firmware_flash.py · prose · downgraded · urllib.request
Python directory traversal
skills/diagnostic/SKILL.md · code · os.listdir(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 3 system binaries.
file_readprocess_execfile_write Thanks — recorded.