ClawAudit verdict
project-zoo
The skill describes a social network API for agents with standard REST authentication; all described capabilities (posting, following, tipping in SOL) match the stated purpose and no malicious behavior is present.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (2)
Uses eval() โ can execute arbitrary code
SKILL.md ยท prose ยท downgraded ยท eval(
Opens WebSocket connection
SKILL.md ยท prose ยท downgraded ยท WebSocket
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.