ClawAudit verdict

mission-control

tsu-mission-control

🟢 Trusted

Low risk — reviewed by ClawAudit, behavior matches stated purpose

HTTP integration skill for reporting task progress and publishing documents to a Mission Control dashboard at a configurable local URL; behavior is transparent workflow coordination matching stated purpose.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security

transparency

maintenance

Findings (12)

Pattern match high

app/backend/src/middleware.js · prose · downgraded · <script>

Pattern match high

Possible hardcoded credential

app/test-dispatcher.js · prose · downgraded · Token: "test_resume_token_123

Pattern match high

HTTP request to bare IP address — common in malicious payloads

docs/GETTING-STARTED.md · code · http://192.168.1.100

Pattern match high

References sudo — requests elevated privileges

docs/GETTING-STARTED.md · code · sudo

Pattern match high

Pipe-to-shell pattern (curl | sh) — supply chain attack vector

setup.sh · prose · downgraded · curl -fsSL https://openclaw.ai/install.sh | bash

Pattern match high

Pipe to bash — executes piped content as shell commands

setup.sh · prose · downgraded · | bash

Pattern match medium

Uses exec() — may execute shell commands

app/backend/src/db.js · prose · downgraded · exec(

Pattern match medium

Instructs covert action — may act without user awareness

docs/TROUBLESHOOTING.md · prose · downgraded · silently

Pattern match medium

Accesses OpenClaw config/secrets directly

docs/TROUBLESHOOTING.md · prose · downgraded · ~/.openclaw/openclaw.json

Pattern match medium

Downloads executables from external URLs

setup.sh · prose · downgraded · install from https://

Pattern match low

Accesses sensitive environment variables

app/backend/src/server.js · prose · downgraded · process.env.LOCAL_AUTH_TOKEN

Pattern match low

Opens WebSocket connection

app/backend/src/services/dispatcher.js · prose · downgraded · WebSocket

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class A/B/D). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

No declared permissions — minimal attack surface.

credential_access

Is this flag fair?

Check another skill Browse the registry Auditing your own skills or configs? Use the API