ClawSec

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is openly intended for security monitoring, but it asks the agent to operate a MITM proxy, whose code is not provided, that can read HTTPS traffic, install a trusted CA, and store sensitive snippets in local logs.

Review the actual ClawSec Monitor source before running it, avoid system-wide CA installation unless you fully trust the code, route only intended test traffic through the proxy, and treat its logs as sensitive because they may contain secrets.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could be guided to run unknown local code that intercepts HTTPS traffic and handles credentials.

Why it was flagged

The skill asks users or the agent to run a proxy implementation, but the reviewed package does not include the referenced code or a trusted source, so the high-impact MITM component cannot be inspected.

Skill content

Source: unknown ... No install spec — this is an instruction-only skill. ... No code files present

Recommendation

Do not run the referenced monitor until the actual source files, dependency lock or requirements, and provenance are available and reviewed.

What this means

If installed or misused, the monitor can see sensitive account and API credentials from routed agent traffic.

Why it was flagged

Full HTTPS MITM grants access to traffic contents, including authentication headers, API keys, cookies, and other account data passing through the proxy.

Skill content

HTTPS interception is done via full MITM: a local CA signs per-host certificates ... plaintext is visible before re-encryption.

Recommendation

Use only in a tightly controlled environment, limit which processes use the proxy, and avoid installing the CA system-wide unless necessary and trusted.

What this means

The agent may make local environment changes that affect network routing or trust settings more broadly than the user intended.

Why it was flagged

The skill directs the agent to execute operational commands and troubleshoot trust-store setup, but does not clearly require separate approval before actions that alter local networking or certificate trust.

Skill content

When `/clawsec` is invoked ... Starting / stopping — run the appropriate command ... HTTPS MITM not working — check if CA is installed in the correct trust store

Recommendation

Require explicit user approval before starting the proxy, changing proxy environment variables, installing trusted certificates, using sudo, or running Docker commands.

What this means

Sensitive tokens or private content may remain in logs and be readable later by users, processes, backups, or troubleshooting tools.

Why it was flagged

The monitor stores traffic snippets that can include secrets or credentials in local log files, with no clear redaction, access-control, retention, or cleanup policy.

Skill content

Threats are appended to `/tmp/clawsec/threats.jsonl` ... `snippet`: "Authorization: Bearer sk-ant-api01-..." ... up to 200 chars of surrounding context

Recommendation

Redact secrets before logging, restrict file permissions, define retention and cleanup behavior, and warn users not to share logs without review.

Note, High Confidence
ASI10: Rogue Agents

What this means

The proxy or its trust material may remain active or reusable after the immediate task.

Why it was flagged

Detached Docker operation and persisted CA data are disclosed and purpose-aligned, but they can continue beyond a single interaction if the user does not stop or remove them.

Skill content

docker compose -f docker-compose.clawsec.yml up -d ... CA persists in the `clawsec_data` Docker volume across restarts.

Recommendation

Document and confirm stop, volume removal, log deletion, and trusted-CA removal steps after use.