clawgod-claude-code-patch
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill promotes the download and immediate execution of remote shell and PowerShell scripts from an unverified GitHub repository. This is a critical security risk that allows for arbitrary code execution on the user's host system.- [PROMPT_INJECTION]: The skill is designed to override and bypass core safety filters and behavioral constraints of the agent. It specifically targets the removal of 'CYBER_RISK_INSTRUCTION' (security testing and exploit refusals) and 'URL Restriction' rules.- [COMMAND_EXECUTION]: The installation and usage instructions involve executing shell commands that modify local binary behavior and system state, such as patching the 'claude' CLI tool and modifying PowerShell execution policies.- [EXTERNAL_DOWNLOADS]: The skill fetches executable content from 'github.com/0Chencc', which is not a verified or trusted source for system-level patches, posing a significant supply chain risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/0Chencc/clawgod/releases/latest/download/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata