ClawAudit verdict
strudel-music
Installs packages AND executes processes
An audio composition skill using Strudel/Node.js that explicitly warns users that compositions can access the filesystem and network, and recommends running untrusted code in containers — transparent and responsible disclosure.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Installs packages AND executes processes — opaque dependency chain with execution
LLM03 · ASI04
Permission integrity
package_install
Findings (9)
Uses exec() — may execute shell commands
SKILL.md · code · exec(
Pipe to python — executes piped content as Python code
docs/pipeline-guide.md · prose · downgraded · | Python
Instructs covert action — may act without user awareness
SKILL.md · prose · downgraded · silently
References child_process — can spawn system processes
CHANGELOG.md · prose · downgraded · child_process
subprocess execution — runs system commands from Python
scripts/analyze-render.py · prose · downgraded · subprocess.run(
Opens WebSocket connection
assets/compositions/machine-hum.js · prose · downgraded · WebSocket
References agent memory files
docs/PROMOTION.md · prose · downgraded · MEMORY.md
Popular HTTP library — network access
package-lock.json · prose · downgraded · node-fetch
Blob URL — may embed executable content
scripts/download-samples.sh · prose · downgraded · blob:
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class D). The final tier is floored at Caution: no downgrade, example-payload opt-in, or allowlist can lift that floor.
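How the two rules stated on this page fit together, the co-occurrence flags under "What it does" and the hard floor described just above, shown as an added example that is not ClawAudit's code: a toy scanner in Python over a constructed stand-in skill. The pattern table, the code/prose context rule, the tier names, the allowlist mechanics and the sample files are all assumptions chosen to reproduce the reasoning the page states; the real tool's rules are not published here.

```python
"""Toy model of this page's verdict logic: pattern flags, prose downgrades,
co-occurrence labels and the hard floor. Added illustration, not ClawAudit's
code; its real pattern table, context rules and tier names are not published
here, so everything below is an assumption that reproduces the stated rules."""
import re
from dataclasses import dataclass

# Patterns taken from the Findings list above. sink=True marks execution
# sinks, the class that triggers the hard floor when hit in code context.
PATTERNS = {
    "exec(":           ("Uses exec()", True),
    "child_process":   ("References child_process", True),
    "subprocess.run(": ("subprocess execution", True),
    "| python":        ("Pipe to python", True),
    "WebSocket":       ("Opens WebSocket connection", False),
    "node-fetch":      ("Popular HTTP library", False),
}
TIERS = ["Clean", "Notice", "Caution", "Danger"]  # assumed order, low to high
HARD_FLOOR = "Caution"                             # from "Why the tier is capped"


@dataclass
class Finding:
    path: str
    pattern: str
    title: str
    context: str      # "code" or "prose"
    downgraded: bool  # prose hits are kept but downgraded, as in the list above
    sink: bool


def classify_lines(path, text):
    """Yield (line, context). Assumed rule: Markdown is prose except inside
    ``` fences; any other file is code except for comment lines."""
    in_fence = False
    for line in text.splitlines():
        if path.endswith(".md"):
            if line.strip().startswith("```"):
                in_fence = not in_fence
                continue
            yield line, "code" if in_fence else "prose"
        else:
            comment = line.strip().startswith(("#", "//"))
            yield line, "prose" if comment else "code"


def scan(files):
    """Record every pattern hit; a hit in prose is downgraded, not dropped."""
    return [
        Finding(path, pat, title, ctx, ctx == "prose", sink)
        for path, text in files.items()
        for line, ctx in classify_lines(path, text)
        for pat, (title, sink) in PATTERNS.items()
        if pat in line
    ]


def capabilities(files, findings):
    """Capability flags. Co-occurrence only: nothing checks that what gets
    installed is what gets executed, which is why the page says to read the code."""
    caps = set()
    for path, text in files.items():
        for line, ctx in classify_lines(path, text):
            if ctx == "code" and re.search(r"\b(npm|pip|yarn)\s+install\b", line):
                caps.add("package_install")
    if any(f.sink and f.context == "code" for f in findings):
        caps.add("process_exec")
    return caps


def final_tier(findings, allowlist=frozenset()):
    """Base tier from live findings (code context, not allowlisted), then the
    hard floor: one code-context sink pins the result at Caution regardless
    of downgrades or allowlists."""
    live = [f for f in findings if not f.downgraded and f.pattern not in allowlist]
    base = "Clean" if not live else "Caution" if any(f.sink for f in live) else "Notice"
    floored = any(f.sink and f.context == "code" for f in findings)
    floor = HARD_FLOOR if floored else "Clean"
    return TIERS[max(TIERS.index(base), TIERS.index(floor))]


def verdict(files):
    """Headline label, built from capability co-occurrence like the one above."""
    caps = capabilities(files, scan(files))
    if {"package_install", "process_exec"} <= caps:
        return "Installs packages AND executes processes"
    return "Executes processes" if "process_exec" in caps else "No execution capability"


# Constructed stand-in for a skill tree; these are not the real strudel-music files.
SAMPLE_SKILL = {
    "SKILL.md": (
        "# Render a composition\n\nInstall first:\n\n```sh\nnpm install\n```\n\n"
        "```js\nconst { exec } = require('child_process');\nexec('node render.js');\n```\n"
    ),
    "docs/pipeline-guide.md": "Summarise renders with `cat out.json | python summarize.py`.\n",
    "CHANGELOG.md": "- 1.2.0: renderer no longer shells out via child_process\n",
    "assets/compositions/machine-hum.js": (
        "// streams control data to the local OSC bridge\n"
        "const ws = new WebSocket('ws://localhost:8080');\n"
    ),
}
```

Running `verdict(SAMPLE_SKILL)` reproduces the headline label from `npm install` and `exec(` merely co-occurring. Allowlisting the two code-context sinks (`final_tier(scan(SAMPLE_SKILL), {"exec(", "child_process"})`) drops the base tier to Notice, but the floor keeps the result at Caution, which is the behaviour this section describes. A skill whose only hits are prose mentions gets no floor at all, because the floor is keyed on a sink in code context, not on the pattern appearing anywhere.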
Permissions & capabilities
Requires 1 system binary.
package_install · process_exec