clawsec-suite
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches advisory feeds and skill catalog indexes from trusted vendor domains (prompt.security) and GitHub releases.
- All downloads are cryptographically verified using Ed25519 signatures and SHA-256 checksums against pinned public keys before processing.
- Remote connections enforce a minimum of TLS 1.2 and use a strict domain allowlist to prevent unauthorized network access.
- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection within the 'action' and 'description' fields of the advisory feed.
- Ingestion points: Remote and local feed.json files are processed by the hook and heartbeat scripts.
- Boundary markers: None; advisory text is interpolated directly into agent messages.
- Capability inventory: The suite can execute skill installations via npx clawhub and manage agent-level cron jobs.
- Sanitization: All feed data is required to be signed by the trusted vendor's Ed25519 key, significantly mitigating the risk of third-party injection attacks.
- [SAFE]: The skill uses a shared portability helper for path resolution that explicitly rejects unexpanded home tokens and prevents path confusion across different shells and operating systems.
- [SAFE]: Persistence is managed via the agent's native cron functionality (openclaw cron) rather than direct modification of system-level configuration files or shell profiles.