security-audit

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/audit.cjs utilizes child_process.execSync to run system utilities including ss, netstat, and git log. These commands are used to identify open network ports and inspect commit history for potential security lapses. While the commands are largely static, the ability to execute shell commands and modify file permissions (fs.chmodSync) represents a significant capability that should be used with caution.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes data from various local files (e.g., .env, .json, .js). While the current implementation only logs the existence of matches rather than echoing file content back to the user, an attacker with file-write access could theoretically place strings designed to influence the agent's behavior if those matches were ever included in the audit report summary.
  • Ingestion points: The audit script recursively reads content from files within the /root/clawd directory.
  • Boundary markers: The script does not utilize delimiters or specific instructions to the agent to ignore instructions found within scanned files.
  • Capability inventory: The skill possesses the capability to execute shell commands (execSync), modify file system permissions (chmodSync), and write new files (writeFileSync).
  • Sanitization: No sanitization or validation of the file content is performed prior to the regex analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 03:33 AM