clawdbot-self-security-audit
Audited by Socket on Mar 4, 2026
1 alert found:
Malware: This skill is a coherent, read-only security-audit framework for Clawdbot and its capabilities align with its stated purpose: it reads local configuration, inspects credentials and permissions, and produces actionable remediation guidance. There are no signs of malicious network exfiltration, remote downloads, obfuscated payloads, or credential forwarding to third-party hosts. Primary concerns are operational: the skill requires powerful local permissions (exec/bash and read access to credential files) which is appropriate for an audit but must be granted only in trusted contexts, and the documentation contains a tension between 'Zero modification' and an explicit `--fix` mode that would change system state; that should be guarded by explicit human confirmation. Overall this is not malicious, but sensitive; run only with appropriate human oversight and explicit consent before using any `--fix` operations.