clawd-code-python-port
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions direct the user to clone code from a third-party GitHub repository (github.com/instructkr/clawd-code.git) which is not a recognized trusted source.
- [EXTERNAL_DOWNLOADS]: The documentation references oh-my-codex (OmX), an external workflow layer hosted at github.com/Yeachan-Heo/oh-my-codex.
- [COMMAND_EXECUTION]: The skill provides instructions to execute various CLI commands and subcommands using the python3 -m src.main entry point.
- [DATA_EXFILTRATION]: The tool system includes read_file and list_dir handlers that allow the agent to read local file contents and directory structures, which could lead to data exposure if used with untrusted paths.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes external file contents and archives without explicit sanitization or boundary markers.
- Ingestion points: Local files accessed through tools and the parity-audit archive.
- Boundary markers: No delimiters or warnings are used to isolate untrusted data from instructions.
- Capability inventory: File system read access and CLI command execution.
- Sanitization: Tool handlers lack input validation or path sanitization logic.
Audit Metadata