ClawAudit verdict

revenium

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Usage metering and budget guardrail skill that reads a local status file written by a background cron job and halts the agent if budget limits are exceeded; the enforcement pattern is conservative and user-protective with no external data exfiltration.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
90
transparency
70
maintenance

Findings (17)

Pattern match critical

Possible hardcoded credential

docs/nemoclaw-setup.md · code · api-key: "your-api-key

Pattern match critical

Recursive delete from root or home — destructive command

docs/nemoclaw-setup.md · code · rm -rf ~

Pattern match high

Instructs covert action — may act without user awareness

docs/nemoclaw-setup.md · code · silently

Pattern match high

Pipe-to-shell pattern (curl | sh) — supply chain attack vector

docs/nemoclaw-setup.md · prose · downgraded · curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash

Pattern match high

Pipe to bash — executes piped content as shell commands

docs/nemoclaw-setup.md · prose · downgraded · | bash

Pattern match high

Pipe to sh — executes piped content as shell commands

plugin-nemoclaw/src/gate.js · prose · downgraded · |sh

Pattern match high

Writes to SKILL.md — self-modifying skill

references/task-classification.md · prose · downgraded · SKILL.md`. Refer here for trigger rules, the `write

Pattern match high

Pipe to python — executes piped content as Python code

scripts/guardrail-check.sh · prose · downgraded · | python3

Pattern match medium

Dynamic import() — loads module at runtime

plugin-nemoclaw/src/index.test.js · prose · downgraded · import("

Pattern match medium

Uses exec() — may execute shell commands

plugin-nemoclaw/src/index.test.js · prose · downgraded · exec (

Pattern match medium

Accesses OpenClaw config/secrets directly

README.md · prose · downgraded · ~/.openclaw/openclaw.json

Pattern match medium

apt-get install — installs system packages

scripts/install-nemoclaw-cron.sh · prose · downgraded · apt-get install

Pattern match medium

References sudo — requests elevated privileges

scripts/post-install.sh · prose · downgraded · sudo

Pattern match medium

subprocess execution — runs system commands from Python

tests/test_get_root_session_id.py · prose · downgraded · subprocess.run(

Pattern match low

Popular HTTP library — network access

plugin-nemoclaw/src/index.test.js · prose · downgraded · got

Pattern match low

Python os.environ.get — reads environment variable

scripts/get-root-session-id.py · prose · downgraded · os.environ.get(

Pattern match low

Sets world-executable permissions

scripts/post-install.sh · prose · downgraded · chmod 700

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/D/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

Requires 1 system binary.

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API