clawsec-suite
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches security advisories and software updates from the official vendor domain (clawsec.prompt.security) and GitHub. These operations are protected by mandatory Ed25519 signature verification and SHA-256 checksum validation to ensure the authenticity and integrity of all downloaded content.
- [COMMAND_EXECUTION]: The suite provides tools for scheduling periodic security scans using the platform's cron system and installing security hooks. These are transparent, core functionalities intended for its purpose as a security manager.
- [REMOTE_CODE_EXECUTION]: Includes a 'guarded install' mechanism for fetching and installing additional skills via the clawhub utility. This process incorporates security advisory checks and requires explicit user confirmation if a potential security concern is detected for the target tool, ensuring that users are informed of risks before proceeding with installations.
Audit Metadata