clawbrain
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill encourages installation via `curl -fsSL ... | bash` in `README.md`, `skill.json`, and `remote-install.sh`. This pattern downloads and executes a script from an untrusted GitHub repository (clawcolab/clawbrain) without prior verification.
- Privilege Escalation (HIGH): The `install.sh` script and installation instructions use `sudo` to perform sensitive system-level actions, including modifying systemd service configurations and restarting system services.
- Dynamic Execution (MEDIUM): The `handler.js` file executes dynamically constructed Python code via `spawnSync` to resolve package paths and verify installations.
- Indirect Prompt Injection (LOW): The skill ingests untrusted user input into its memory database via `remember()` and `get_full_context()`, creating a surface for indirect prompt injection when these memories are later recalled as context. Mandatory Evidence: Ingestion points: `clawbrain.py` (via `remember` and `get_full_context` methods); Boundary markers: Absent in provided implementation; Capability inventory: Database storage and retrieval; Sanitization: Uses parameterized SQL queries.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/clawcolab/clawbrain/main/remote-install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata