ClawAudit verdict
morgana-mordred-security-sandbox
mordred-security-sandbox
Penetration testing sandbox with 5 intentionally vulnerable systems for security training; explicitly designed for controlled local testing with Docker isolation, no exfiltration or external attack infrastructure present.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (11)
Possible hardcoded credential
SKILL.md · code · password = "anything
Dynamic __import__('os') — Python OS command execution
SKILL.md · code · __import__('os')
Prompt injection — tries to override agent instructions
SKILL.md · code · ignore previous instructions
Uses eval() — can execute arbitrary code
skills/security-analysis.md · code · eval(
Possible prompt injection — attempts to redefine agent identity
SKILL.md · code · You are now
Uses exec() — may execute shell commands
skills/security-analysis.md · code · exec(
subprocess execution — runs system commands from Python
skills/security-analysis.md · code · subprocess.run(
Accesses sensitive system files
src/systems/weak_sandbox.py · prose · downgraded · /etc/passwd
subprocess with shell=True — command injection vector
src/systems/weak_sandbox.py · prose · downgraded · subprocess.run(cmd, shell=True
Instructs covert action — may act without user awareness
vaccines/vaccine_data_leak.py · prose · downgraded · silently
Popular HTTP library — network access
vaccines/vaccine_flawed_auth.py · prose · downgraded · Got
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.