attestation-chain-auditor

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: attestation-chain-auditor
Version: 1.0.0

The skill declares requirements for `curl` and `python3` in its `SKILL.md` metadata. While these binaries might be plausibly needed for the stated purpose of auditing attestation chains (e.g., fetching attestation data from network endpoints and processing it), they also grant significant capabilities for arbitrary code execution, network access, and file system interaction. Without the actual implementation code, the presence of these powerful requirements raises a 'suspicious' flag due to the potential for exploitation or malicious behavior, even though the `SKILL.md` itself contains no explicit malicious instructions or prompt injection attempts.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may use local tools or network-style lookups while helping audit attestation chains, but the artifacts do not show unsafe commands, credential use, or account mutation.

Why it was flagged

The skill declares command-line tooling that could be used for fetching or processing attestation metadata. This is aligned with the auditing purpose, but it is still a capability users should notice.

Skill content

requires:
      bins: [curl, python3]

Recommendation

Use it with attestation data or identifiers you intend to audit, and review any proposed curl/python commands before allowing them to run.