ClawAudit verdict
skill-forge
skill-forge-ai
The skill appears to be a tool for forging, assessing, and publishing skills. It does not contain any malicious code patterns or suspicious behaviors.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
agent_memory
Findings (6)
Uses eval() — can execute arbitrary code
SKILL.md · prose · downgraded · eval(
Uses exec() — may execute shell commands
SKILL.md · prose · downgraded · exec(
References sudo — requests elevated privileges
SKILL.md · prose · downgraded · sudo
Accesses cloud provider credentials
SKILL.md · prose · downgraded · ~/.aws
References agent memory files
SKILL.md · prose · downgraded · MEMORY.md
Python urllib.request — network access
references/publishing-guide.md · prose · downgraded · urllib.request
Permissions & capabilities
No declared permissions — minimal attack surface.
agent_memory Is this flag fair?
Thanks — recorded.