The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill.json file defines execution scripts (node security-check.js) for files not included in the provided skill package. This represents a lack of transparency and prevents verification of the commands actually run on the host system.
[EXTERNAL_DOWNLOADS] (LOW): The README.md provides instructions for manual installation via git clone from an external repository (github.com/TheSethRose/Clawdbot-Security-Check.git). While Github is a common source, users should verify the repository integrity.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest local configuration data and logs to perform audits.
Ingestion points: Reads local gateway configurations, environment variables, and system logs (implied by the 13 security domains).
Boundary markers: None identified in the provided documentation.
Capability inventory: Execution of Node.js scripts, file system read access, and execution of the detect-secrets utility.
Sanitization: No evidence of input sanitization or instruction-filtering for the data being audited.

clawdbot-self-security-audit