ClawAudit verdict

openclaw-essesseff

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Covers the essesseff DevOps platform API for managing templates, apps, and deployments; straightforward API client skill using documented endpoints with user-provided API keys.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.

0 security · 100 transparency · 90 maintenance

Findings (5)

Pattern match high

Pipe to python — executes piped content as Python code

SKILL.md · prose · downgraded · |python

Pattern match high

Possible hardcoded credential

essesseff-example.txt · prose · downgraded · TOKEN="ghp_yourGitHubPersonalAccessToken

Pattern match high

References sudo — requests elevated privileges

references/prerequisites.md · code · sudo

Pattern match high

apt-get install — installs system packages

references/prerequisites.md · code · apt-get install

Pattern match medium

Accesses Kubernetes config (may contain cluster credentials)

references/prerequisites.md · prose · downgraded · ~/.kube/config

Permissions & capabilities

Requires 11 environment variables (2 sensitive: ESSESSEFF_API_KEY, GITHUB_TOKEN). Requires 5 system binaries (3 elevated: curl, git, kubectl).
