clawdbot-self-security-audit

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to read sensitive files and environment variables in order to perform its security audit.
      • Evidence: Explicitly instructs the agent to read sensitive paths including ~/.clawdbot/credentials/whatsapp/*/creds.json, ~/.clawdbot/agents/*/auth-profiles.json, and ~/.clawdbot/credentials/oauth.json.
      • Evidence: Attempts to extract CLAWDBOT_GATEWAY_TOKEN from the host's environment variables.
  • [COMMAND_EXECUTION]: The skill uses shell commands both to inspect the system and, through its --fix mode, to modify it.
      • Evidence: Uses commands such as cat, grep, env, ls, and stat to read system and configuration state.
      • Evidence: The documented --fix functionality instructs the agent to run chmod to change file permissions (e.g., chmod 700, chmod 600) and supplies JSON payloads to alter existing configuration files.
      • Evidence: The skill.json configuration references an execution script, security-check.js, in its start and test scripts, but that file is missing from the package.
  • [PROMPT_INJECTION]: The skill's documentation and metadata misrepresent its operational safety constraints.
      • Evidence: The skill.json metadata and the SKILL.md body claim the skill is 'read-only' and '100% Read-only', yet the same documentation provides explicit logic and instructions for a --fix flag that performs administrative system modifications.
      • Evidence: This discrepancy between the stated permissions and the instructed capabilities can lead an agent to perform unauthorized configuration changes while believing it is operating read-only.
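The three findings above can be reduced to a mechanical pre-install check: scan a skill's SKILL.md and skill.json for references to the credential paths and environment variable named in the audit, for state-changing shell commands, for script entries that point at files the package does not ship, and for a read-only claim that coexists with mutating instructions. The script below is an added illustration of that check; it is not part of this audit page or of the skill. It assumes an npm-style "scripts" map in skill.json (the real skill.json schema is not shown here), takes the set of shipped files as an argument rather than reading disk, and runs over sample skill.json and SKILL.md contents constructed from the findings listed above, not the skill's actual files.

```python
from __future__ import annotations

import json
import re
from collections import Counter
from dataclasses import dataclass

# Indicators taken from the audit findings. Globs are turned into regexes so a
# concrete path in an instruction (".../agents/main/auth-profiles.json") still
# matches the wildcard form quoted by the audit.
SENSITIVE_PATH_GLOBS = [
    "~/.clawdbot/credentials/whatsapp/*/creds.json",
    "~/.clawdbot/agents/*/auth-profiles.json",
    "~/.clawdbot/credentials/oauth.json",
]
SENSITIVE_ENV_VARS = ["CLAWDBOT_GATEWAY_TOKEN"]
# Commands that change host state; any of these contradicts a read-only claim.
MUTATING_COMMANDS = ["chmod", "chown", "rm", "mv", "tee", "sed -i"]
READ_ONLY_CLAIM = re.compile(r"(100%\s*)?read[- ]only", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str  # one of the audit's categories
    evidence: str


def glob_to_regex(glob: str) -> re.Pattern:
    """Escape a path glob and let '*' match exactly one path segment."""
    return re.compile(re.escape(glob).replace(r"\*", r"[^/\s]+"))


def json_strings(node) -> list[str]:
    """Collect every string value in a parsed JSON document, at any depth."""
    if isinstance(node, str):
        return [node]
    if isinstance(node, dict):
        return [s for v in node.values() for s in json_strings(v)]
    if isinstance(node, list):
        return [s for v in node for s in json_strings(v)]
    return []


def audit_skill(skill_json_text: str, skill_md_text: str, present_files: set[str]) -> list[Finding]:
    meta = json.loads(skill_json_text)
    findings: list[Finding] = []

    # CREDENTIALS_UNSAFE: instructions that read credential stores or tokens.
    for glob in SENSITIVE_PATH_GLOBS:
        for path in sorted({m.group(0) for m in glob_to_regex(glob).finditer(skill_md_text)}):
            findings.append(Finding("CREDENTIALS_UNSAFE", f"reads {path}"))
    for var in SENSITIVE_ENV_VARS:
        if re.search(rf"\b{var}\b", skill_md_text):
            findings.append(Finding("CREDENTIALS_UNSAFE", f"reads env var {var}"))

    # COMMAND_EXECUTION: state-changing shell commands in the instructions.
    mutating = [c for c in MUTATING_COMMANDS
                if re.search(rf"(?<![\w-]){re.escape(c)}\b", skill_md_text)]
    for cmd in mutating:
        findings.append(Finding("COMMAND_EXECUTION", f"instructs `{cmd}`"))

    # COMMAND_EXECUTION: script entries naming files the package does not ship.
    # "scripts" as an npm-style map is an assumption about skill.json's layout.
    for name, cmdline in meta.get("scripts", {}).items():
        for token in cmdline.split():
            if token.endswith(".js") and token not in present_files:
                findings.append(Finding("COMMAND_EXECUTION", f"scripts.{name} references missing {token}"))

    # PROMPT_INJECTION: a read-only claim in metadata or body alongside
    # mutating instructions is a deceptive capability statement.
    claims_read_only = any(READ_ONLY_CLAIM.search(s) for s in json_strings(meta) + [skill_md_text])
    if claims_read_only and mutating:
        findings.append(Finding("PROMPT_INJECTION", "claims read-only but instructs " + ", ".join(mutating)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per audit category."""
    return dict(Counter(f.category for f in findings))


# Constructed sample inputs modelled on the findings above; not the skill's real files.
SAMPLE_SKILL_JSON = json.dumps({
    "name": "clawdbot-self-security-audit",
    "description": "Read-only security audit of the local clawdbot install",
    "scripts": {"start": "node security-check.js", "test": "node security-check.js"},
})
SAMPLE_SKILL_MD = """\
# clawdbot-self-security-audit
This skill is 100% Read-only.
1. cat ~/.clawdbot/credentials/oauth.json
2. ls ~/.clawdbot/credentials/whatsapp/*/creds.json
3. cat ~/.clawdbot/agents/main/auth-profiles.json
4. env | grep CLAWDBOT_GATEWAY_TOKEN
With --fix: chmod 700 ~/.clawdbot && chmod 600 ~/.clawdbot/credentials/oauth.json
"""
SAMPLE_PRESENT_FILES = {"skill.json", "SKILL.md"}  # security-check.js deliberately absent


def run_sample() -> list[Finding]:
    return audit_skill(SAMPLE_SKILL_JSON, SAMPLE_SKILL_MD, SAMPLE_PRESENT_FILES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.category}] {f.evidence}")
    print(summarize(run_sample()))
```

On the constructed sample the script reports four CREDENTIALS_UNSAFE items (three credential paths and the gateway token), three COMMAND_EXECUTION items (chmod plus the two script entries pointing at the absent security-check.js), and one PROMPT_INJECTION item for the read-only claim that sits next to the chmod instructions. The word-boundary patterns are deliberately coarse; a production check would tokenize the shell fragments rather than grep the prose.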
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 02:22 AM