ClawAudit verdict
opensoul
Reads local files AND makes external network calls
The skill requires a Bitcoin SV private key (WIF format) stored as an environment variable and posts encrypted agent audit logs to the public BSV blockchain, constituting real financial transactions and exposure of agent activity to a public ledger.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence โ it does not verify that one flows into another. Read the code to confirm a live chain.
Reads local files AND makes external network calls โ the capabilities for data exfiltration co-occur (data-flow not verified)
LLM02 ยท LLM06 ยท ASI03
Accesses credentials AND makes external network calls โ potential credential theft
LLM02 ยท ASI03
Permission integrity
network_out
file_read
credential_access
package_install
Findings (3)
References sudo โ requests elevated privileges
PREREQUISITES.md ยท code ยท sudo
apt-get install โ installs system packages
PREREQUISITES.md ยท code ยท apt-get install
Python os.getenv โ reads environment variable
SKILL.md ยท code ยท os.getenv(
Permissions & capabilities
No declared permissions โ minimal attack surface.
package_installcredential_accessfile_readnetwork_out Thanks โ recorded.