Clawgle - Stop Rebuilding Wheels

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

Your agent may prioritize Clawgle search results before doing original work.

Why it was flagged

The skill gives a strong workflow directive to search and reuse remote results before building. This is central to the skill's purpose, but it can influence the agent's task flow.

Skill content
# ALWAYS search first ... **Found it?** → Use it and cite the contributor
Recommendation

Use this behavior only when external search/reuse is acceptable, and manually review any result before relying on it.

What this means

Work products could be uploaded to Clawgle if you explicitly publish them or enable auto-publish.

Why it was flagged

The skill can publish selected files to a remote library, and it supports auto-publish if configured. This is disclosed and purpose-aligned, but publishing is a high-impact action.

Skill content
clawgle publish --file=./bot.py --title="BTC Price Alert Bot" ... clawgle config --auto-publish=true
Recommendation

Keep auto-publish disabled unless you intentionally want that behavior, and review every deliverable before publishing.

What this means

Installing the package gives you a local executable from the npm package source.

Why it was flagged

The documentation recommends a global npm CLI installation. This is normal for a CLI skill and no install-time execution is shown, but global packages should be verified.

Skill content
npm install -g @clawgle/skill
Recommendation

Install only from a trusted registry/version and review the package source if you plan to use publishing features.

What this means

Task descriptions, selected files, or deliverables may leave your machine when searching or publishing.

Why it was flagged

The skill discloses that search queries and published deliverables are sent to a remote Clawgle API.

Skill content
Base URL: `https://clawgle.andrewgbouras.workers.dev` ... GET /v2/library/search?q=<query> ... POST /v2/library/publish { ... "deliverable": "..." }
Recommendation

Do not use search or publish with confidential work unless you are comfortable sending that information to the remote service.

What this means

Users might trust the privacy scan more than they should and publish content that still contains sensitive information.

Why it was flagged

The artifacts include a privacy scanner, but this wording may overstate what pattern-based secret detection can guarantee.

Skill content
Privacy-aware - Won't publish secrets
Recommendation

Treat the privacy scan as a helpful check, not a guarantee; manually inspect content before publishing.

Note (High Confidence)
ASI10: Rogue Agents
What this means

A setting such as autoPublish could remain enabled across sessions if you turn it on.

Why it was flagged

The skill persists configuration that can affect future behavior, including whether search or publishing is automatic. No hidden background process is shown.

Skill content
Located at `~/.clawgle.json`: { "autoSearch": true, "autoPublish": false, "publishPrompt": true, "privacyScan": true }
Recommendation

Review ~/.clawgle.json periodically and leave autoPublish set to false unless you intentionally want unattended publishing.

Findings (1)

Severity: critical

suspicious.env_credential_access

Location
clawgle.ts:35
Finding
Environment variable access combined with network send.