clawsec-feed

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches security advisories and skill updates from the vendor's official GitHub repository.
      • Evidence: Downloads metadata and feed content from github.com/prompt-security.
  • [COMMAND_EXECUTION]: Utilizes standard system utilities for installation, feed parsing, and integrity verification.
      • Utilities: curl, jq, unzip, shasum, date, find.
      • Safety Features: Implements size limits for downloads, path traversal checks for archives, and zip bomb prevention mechanisms.
      • Sanitization: Validates skill names using strict regular expressions and fixed-string matching to prevent injection vulnerabilities during local scans.
  • [DATA_EXFILTRATION]: Accesses the local skill installation directory to perform security cross-referencing.
      • Note: All data processing is local; analysis confirms no sensitive information is sent to external servers.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 12:49 PM