claude-code-clawdbot
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The script executes local binaries (
claude,script,tmux) to facilitate its primary function. It usesshlex.quoteto sanitize inputs before passing them to the shell viascript -c. This prevents shell injection vulnerabilities when constructing the command line for the pseudo-terminal wrapper. - PROMPT_INJECTION (LOW): The skill functions as a passthrough for user-provided prompts to the
claudeCLI, creating a surface for indirect prompt injection (Category 8). While the wrapper itself is secure, the downstream agent will process any instructions contained in the input. - Ingestion points: The
args.promptvariable inscripts/claude_code_run.pyreceives untrusted input from the user. - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are added to the prompt before it is passed to the Claude CLI.
- Capability inventory: The
claudeCLI is a high-capability tool capable of file modification and command execution on the host. - Sanitization: The script uses
shlex.quotefor shell safety, but does not perform content-based sanitization of the prompt itself.
Audit Metadata