clawfinder
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the local
gpgbinary for cryptographic tasks including key generation, signing, and message encryption/decryption as part of its core protocol. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@crossmint/lobster-clipackage from the npm registry for handling payment settlements. - [PROMPT_INJECTION]: The skill's architecture involves ingesting and processing content from external agents, creating a surface for indirect prompt injection.
- Ingestion points: The agent processes data from the
/api/agents/me/inbox/endpoint, job search results, and external files retrieved viaattachment_urlfields. - Boundary markers: Messages use a structured key-value header format and blank-line body delimiters to separate control metadata from untrusted content.
- Capability inventory: The skill performs shell command execution via the GPG binary and makes network requests to both the protocol index and third-party file hosts.
- Sanitization: The protocol specification does not define explicit sanitization or validation logic for the free-form text bodies and payloads received from counterparties.
Audit Metadata