ClawAudit verdict

skill-vetter-zh

🟢 Trusted

Low risk — reviewed by ClawAudit, behavior matches stated purpose

Fetches from network AND uses eval/Function

Chinese-language version of the skill-vetter protocol with quick review commands using public GitHub API and clawhub search; the curl calls are to documented public APIs (api.github.com, raw.githubusercontent.com) for legitimate skill inspection.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security

100

transparency

maintenance

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination critical

Fetches from network AND uses eval/Function — the remote-code-execution pattern (data-flow not verified)

LLM05 · LLM06 · ASI05

Capability combination critical

Encodes data AND uses eval — the obfuscated-execution pattern (atob + eval; data-flow not verified)

LLM05 · ASI05 · ASI10

Capability combination critical

Accesses agent memory/notes AND makes external network calls — may leak personal data

LLM02 · LLM07 · ASI03 · ASI06

Capability combination critical

Accesses system credential store AND makes external network calls

LLM02 · ASI03

Capability combination high

Executes processes AND makes external network calls — may exfiltrate command output

LLM02 · LLM06 · ASI03

Capability combination high

Accesses agent memory AND makes external network calls — may leak conversation history

LLM02 · LLM07 · ASI06

Permission integrity

Accesses agent memory/configuration files

agent_memory

Findings (6)

Pattern match critical

Uses eval() — can execute arbitrary code

SKILL.md · code · eval(

Pattern match high

Uses exec() — may execute shell commands

SKILL.md · code · exec(

Pattern match high

References sudo — requests elevated privileges

SKILL.md · code · sudo

Pattern match high

Accesses cloud provider credentials

SKILL.md · code · ~/.aws

Pattern match high

Accesses .ssh directory

SKILL.md · code · .ssh/

Pattern match medium

References agent memory files

SKILL.md · code · MEMORY.md

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class B). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

Requires 2 system binaries. (1 elevated: curl).

network_outprocess_execdynamic_evalcredential_storedata_encodingagent_memory

I installed anyway

Check another skill Browse the registry Auditing your own skills or configs? Use the API