Dont Hack Me
Audited by ClawScan on May 1, 2026.
Overview
This is a purpose-aligned local security checker, but it reads and can change your Clawdbot configuration, so review the report before accepting fixes.
Before installing or invoking it, understand that it will read your Clawdbot config and may see tokens or secret-like values. Let it apply fixes only after reviewing the proposed changes, especially changes to gateway auth, network binding, DM/group policy, and file permissions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent will be able to inspect sensitive local configuration values while performing the audit.
The skill reads the local Clawdbot configuration, which the same instructions indicate may include gateway auth tokens and plaintext secret-like fields.
Use the `read` tool to open `~/.clawdbot/clawdbot.json`.
Run it only in a trusted session, and avoid asking the agent to print or share the full config contents.
If you approve fixes, the skill can change how your agent gateway authenticates, binds to the network, or accepts messages.
The skill can modify the agent's gateway/security configuration, but the instructions require showing the report and getting user confirmation before applying changes.
Ask the user: **"Want me to fix these? (yes / no / pick)"** ... Apply the fixes ... Edit `~/.clawdbot/clawdbot.json` using the edit/write tool.
Review the proposed changes carefully before answering yes, and keep a backup of the config if the current behavior matters.
The agent will execute a local stat command to inspect file permissions.
The skill instructs the agent to run a local shell command, but it is a read-only permission check that is directly tied to the stated security-audit purpose.
Also run a shell command to get the file permissions: `stat -f '%Lp' ~/.clawdbot/clawdbot.json`
This is expected for the audit; ensure the command targets only the stated Clawdbot config path.
