ClawAudit verdict
skill-sonar
The skill is designed for lifecycle guarding and does not contain malicious code.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (8)
Accesses .ssh directory
preflight/preflight-guard.md · prose · downgraded · .ssh/
Instructs covert action — may act without user awareness
preflight/preflight-guard.md · prose · downgraded · silently
Accesses system credential store
preflight/preflight-guard.md · prose · downgraded · keychain
Accesses cloud provider credentials
preflight/preflight-guard.md · prose · downgraded · ~/.aws
Accesses Kubernetes config (may contain cluster credentials)
preflight/preflight-guard.md · prose · downgraded · ~/.kube/config
References sudo — requests elevated privileges
preflight/preflight-guard.md · prose · downgraded · sudo
Base64 encoding/decoding
preflight/preflight-guard.md · prose · downgraded · base64-encode
References agent memory files
preflight/preflight-guard.md · prose · downgraded · MEMORY.md
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.