ClawAudit verdict
signaai
signa-ai
Both reads and writes files
The skill facilitates blockchain payments on the Signum network via documented Python scripts with explicit safeguards against replay attacks and unauthorized escrow creation, matching its stated purpose.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Both reads and writes files — verify scope is limited to intended directories
LLM06 · ASI02
Permission integrity
file_read+write
Findings (7)
Instructs covert action — may act without user awareness
scripts/escrow.py · prose · downgraded · Silently
Accesses OpenClaw config/secrets directly
scripts/escrow.py · prose · downgraded · ~/.openclaw/openclaw.json
subprocess execution — runs system commands from Python
scripts/listener.py · prose · downgraded · subprocess.check_output(
Opens WebSocket connection
SKILL.md · prose · downgraded · WebSocket
Python os.environ.get — reads environment variable
examples/accept_board_claim.py · prose · downgraded · os.environ.get(
Popular HTTP library — network access
examples/arbitration.py · prose · downgraded · got
Python urllib.request — network access
scripts/escrow.py · prose · downgraded · urllib.request
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
file_read · file_write · network_in