ClawAudit verdict
ros2-skill
The skill is a ROS 2 control and monitoring tool. It does not exhibit any malicious behavior and appears to be designed for safe and controlled interaction with ROS 2 robots.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (6)
Instructs covert action — may act without user awareness
AGENTS.md · prose · downgraded · silently
References sudo — requests elevated privileges
scripts/ros2_component.py · prose · downgraded · sudo
subprocess execution — runs system commands from Python
scripts/ros2_control.py · prose · downgraded · subprocess.run(
subprocess with shell=True — command injection vector
scripts/ros2_utils.py · prose · downgraded · subprocess.run(
cmd, shell=True
Python os.environ.get — reads environment variable
scripts/ros2_cli.py · prose · downgraded · os.environ.get(
importlib.import_module — dynamic module loading
scripts/ros2_utils.py · prose · downgraded · importlib.import_module(
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B/D/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 2 system binaries.
Is this flag fair?
Thanks — recorded.