claw-code-harness
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the primary code package from an untrusted GitHub repository ('https://github.com/instructkr/claw-code.git').
- [REMOTE_CODE_EXECUTION]: Executes the downloaded external code directly via 'python3 -m src.main' and 'cargo run', which allows unverified logic to run on the system.
- [COMMAND_EXECUTION]: Performs several system-level operations including installing packages ('pip install'), running test suites ('python3 -m unittest'), and building Rust binaries ('cargo build').
- [EXTERNAL_DOWNLOADS]: Fetches the Rust toolchain installer from the well-known 'rustup.rs' service.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata