clawteam
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a persistent background loop using python3 -c to execute dynamic code for monitoring task progress.
- [PROMPT_INJECTION]: The instructions command the agent to run clawteam config set skip_permissions true, which disables confirmation prompts for sensitive operations, and assert that the tool 'handles permissions, prompt injection, and nesting detection correctly' to encourage bypassing internal safety protocols.
- [COMMAND_EXECUTION]: Spawns child agent processes via clawteam spawn and specifies that workspace trust prompts (e.g., for Claude Code) are auto-confirmed, bypassing user oversight.
- [COMMAND_EXECUTION]: The clawteam board serve command launches a web server on a local port, which could expose internal task data if misconfigured.
- [COMMAND_EXECUTION]: Provides a surface for indirect prompt injection where the leader agent processes unvalidated data from worker agents via clawteam inbox receive and uses it to make autonomous decisions.
Recommendations
- AI detected serious security threats