ClawAudit verdict
symbiont
Zero-trust governance framework for AI agents using Cedar policies and cryptographic audit trails; installs the symbi binary via Homebrew and operates as a documented security layer.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
package_install
Findings (9)
Accesses .ssh directory
SKILL.md · code · .ssh/
Bash /dev/tcp — raw TCP connection via shell
clawhavoc-scan.sh · prose · downgraded · /dev/tcp/
Recursive delete from root or home — destructive command
policy-guard.sh · prose · downgraded · rm -rf /
References SSH/GPG private keys
clawhavoc-scan.sh · prose · downgraded · ssh-key
Accesses system credential store
clawhavoc-scan.sh · prose · downgraded · keychain
References sudo — requests elevated privileges
clawhavoc-scan.sh · prose · downgraded · sudo
setuid — privilege escalation mechanism
clawhavoc-scan.sh · prose · downgraded · setuid
References agent configuration files
SKILL.md · prose · downgraded · CLAUDE.md
Changes file ownership
clawhavoc-scan.sh · prose · downgraded · chown
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
Requires 1 system binary.
package_installcredential_storenetwork_in Is this flag fair?
Thanks — recorded.