ClawAudit verdict

prom-query

🟢 Trusted

Low risk — reviewed by ClawAudit, behavior matches stated purpose

Standard Prometheus HTTP API client that reads user-configured PROMETHEUS_URL and optional bearer token to query the user's own monitoring infrastructure; all capability matches the stated observability purpose.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security

100

transparency

maintenance

Findings (3)

Pattern match critical

Possible hardcoded credential

SKILL.md · frontmatter · TOKEN: "Bearer token for authentication (optional)

Pattern match high

HTTP request to bare IP address — common in malicious payloads

TESTING.md · code · http://192.0.2.1

Pattern match low

Popular HTTP library — network access

scripts/prom-query.sh · prose · downgraded · got

Permissions & capabilities

No declared permissions — minimal attack surface.

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API