clawgod-claude-code-patch
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Suspicious: the skill tells users to pipe remote install.sh / install.ps1 into bash/PowerShell from an unfamiliar GitHub user (0Chencc) and a short/ambiguous domain (ara.so), a classic high-risk pattern for distributing malware or backdoors—made worse by claims to remove safety restrictions.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The patch intentionally circumvents vendor safety controls, uses remote installer scripts that can execute arbitrary code, and enables high-risk capabilities (screen/mouse/keyboard control, internal API/feature dumps, multi-agent remote features and persistent binary modification) that facilitate credential theft, data exfiltration, remote code execution, and supply-chain/backdoor attacks.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md installation steps explicitly instruct piping remote scripts from the public GitHub release URLs (e.g., https://github.com/0Chencc/clawgod/releases/latest/download/install.sh and the install.ps1 link) into bash/PowerShell, so the agent runtime will fetch and execute untrusted, public third‑party code that directly changes agent behavior and can enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill fetches and executes remote installer scripts at runtime (curl -fsSL https://github.com/0Chencc/clawgod/releases/latest/download/install.sh | bash and irm https://github.com/0Chencc/clawgod/releases/latest/download/install.ps1 | iex), which run remote code and apply patches that directly change agent behavior and prompts, making this a high-risk runtime dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs installing a runtime patch that modifies the Claude Code binary/config, removes built-in safety restrictions, exposes "computer use" (screen/mouse/keyboard) capabilities, and uses remote install commands (curl|bash, iex) that persistently alter system state and bypass protections, so it actively encourages compromising the host environment.
Issues (5)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.