Official repo for clawaudit, coming soon as an automated security checker for repositories.
Security Analysis
medium confidence
The skill claims to be an automated repo security checker but provides no code, install steps, or usable instructions and points to an external DuckDNS host. It's a placeholder with unexplained external links, so proceed cautiously.
The description promises an 'automated security checker for repositories' but there are no instructions, no code, no dependencies, and no required credentials. That mismatch (capability promised but not implemented) is incoherent — it looks like a placeholder rather than a working skill.
SKILL.md contains only a short placeholder description and two external URLs (clawaudit.duckdns.org and a logo.png). It does not instruct the agent to read local files, access credentials, or perform actions, but the presence of an external URL means the agent could be directed to fetch remote content later if the skill is updated.
No install spec and no code files are present — lowest-risk configuration. Nothing will be written to disk by the skill itself as provided.
The skill requests no environment variables, credentials, or config paths — there is no apparent need for secrets in its current placeholder form.
always is false and the skill is user-invocable; model invocation is allowed (the platform default). There is no indication the skill requests elevated or persistent privileges.
Guidance
This package is essentially a placeholder: it claims to be an automated security checker but contains no code or instructions and links to a DuckDNS host. That alone isn't evidence of malware, but it's incomplete and comes from an unknown source. Recommended actions before installing or trusting it:
1) Wait for a proper release with an install spec, source repository, and published code (preferably on a reputable host like github.com).
2) Verify the owning entity and an official homepage/contact.
3) Treat the duckdns URL as untrusted; do not provide credentials or secrets to the skill or its site.
4) If you must test it, do so in an isolated environment without access to sensitive data.
If you need a working repo-audit tool now, prefer well-known alternatives with published code and documentation.
Latest Release
v0.1.0
Initial release of the clawaudit skill.
- Published official repository for clawaudit.
- Introduced project description and logo.
- Provided early information about upcoming automated security checking features.
- Included website link for future updates and access.
Published by @tezatezaz on ClawHub