ClawAudit verdict

pretext-reporter-bao

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

A local text measurement and Canvas layout tool built on the open-source @chenglou/pretext library; package_install is for npm dependencies, all computation is local arithmetic with no external data transmission.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

5
security
80
transparency
80
maintenance

Permission integrity

Installs packages at runtime — transitive dependencies are not auditable

package_install

Findings (10)

Pattern match critical

Unicode homoglyph detected — uses lookalike characters to evade pattern matching

pretext/corpora/mixed-app-text.txt · prose

Pattern match medium

Long base64 string (100+ chars) — likely obfuscated payload

pretext/pages/benchmark.ts · prose · downgraded · AlphaBetaGammaDeltaEpsilonZetaEtaThetaIotaKappaLambdaMuNuXiOmicronPiRhoSigmaTauU

Pattern match medium

References child_process — can spawn system processes

pretext/scripts/accuracy-check.ts · prose · downgraded · child_process

Pattern match medium

HTTP request to bare IP address — common in malicious payloads

pretext/scripts/accuracy-check.ts · prose · downgraded · http://127.0.0.1

Pattern match medium

Uses spawn() — can execute external programs

pretext/scripts/accuracy-check.ts · prose · downgraded · spawn(

Pattern match medium

Dynamic import() — loads module at runtime

pretext/src/layout.test.ts · prose · downgraded · import('

Pattern match low

References tunneling service

pretext/dist/analysis.js · prose · downgraded · serveO

Pattern match low

Blob URL — may embed executable content

pretext/pages/demos/dynamic-layout.ts · prose · downgraded · blob:

Pattern match low

Opens WebSocket connection

pretext/scripts/browser-automation.ts · prose · downgraded · WebSocket

Pattern match low

Bun file read API

pretext/scripts/build-demo-site.ts · prose · downgraded · Bun.file(

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

package_install
