ClawAudit verdict
skill-gatekeeper
Encodes data AND uses eval
This is a skill security auditing tool that documents a sandbox workflow for scanning and quarantining suspicious skills before installation; it describes detection criteria for dangerous patterns (eval, child_process, sensitive paths) as things to flag and reject, which is legitimate security tooling behavior.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Encodes data AND uses eval — the obfuscated-execution pattern (atob + eval; data-flow not verified)
LLM05 · ASI05 · ASI10
Findings (7)
Uses eval() — can execute arbitrary code
SKILL.md · code · eval(
Dynamic Function constructor — equivalent to eval()
SKILL.md · prose · downgraded · new Function(
Uses exec() — may execute shell commands
SKILL.md · code · exec(
References child_process — can spawn system processes
SKILL.md · code · child_process
Accesses .ssh directory
SKILL.md · prose · downgraded · .ssh/
Accesses cloud provider credentials
SKILL.md · prose · downgraded · ~/.aws
Dynamic import() — loads module at runtime
gatekeeper.ts · prose · downgraded · import("
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 1 system binary.
data_encoding · process_exec · dynamic_eval