v0.0.6

clawsec-feed

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

This appears to be a security advisory feed with documented install/update instructions; the main thing to review is its remote-download installation flow and how advisory data may influence your agent.

GuidanceThis skill looks appropriate for a security advisory feed. Before installing, verify the Prompt Security GitHub release and checksums, run the shell commands only with explicit approval, and treat feed advisories as prompts for review rather than automatic instructions to change or remove software.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

LATEST_TAG=$(curl -sSL --retry 3 --retry-delay 1 https://api.github.com/repos/prompt-security/ClawSec/releases | jq -r '[.[] | select(.tag_name | startswith("clawsec-feed-v"))][0].tag_name')

The standalone install flow fetches the latest release metadata and artifacts from GitHub rather than using a pinned local artifact. The instructions also include checksum validation and provenance warnings, so this is a disclosed supply-chain consideration rather than suspicious behavior.

User impactInstalling from the latest remote release means the installed content depends on the current upstream release and GitHub availability/integrity.

RecommendationReview the release source, confirm checksums from a trusted channel, and consider pinning a known version when installing on sensitive systems.

Unexpected Code Execution

SeverityInfoConfidenceHighStatusNote

SKILL.md

Required runtime for standalone installation: `bash`, `curl`, `jq`, `shasum`, `unzip`

The skill documents shell-based setup commands for downloading, verifying, and extracting the package. These commands are user-directed and central to standalone installation, with no evidence of hidden automatic execution.

User impactA user or agent following the standalone install instructions will run local shell commands and write files under the OpenClaw skills directory.

RecommendationRun the install steps manually or with explicit approval, review the downloaded artifact before installing, and avoid running the commands with elevated privileges unless necessary.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

README.md

**Community-Driven** - Advisories contributed and reviewed by the security community

The package provides external advisory data intended for AI agents to consume and act on. That is the stated purpose, but community-driven security content should be treated as advisory context, not unquestioned authority.

User impactAdvisory entries may influence what your agent recommends about vulnerabilities, updates, or removing skills.

RecommendationUse the feed as a signal, but verify important advisories against the linked references or trusted vendor sources before making disruptive changes.