semanticfs Security Report — Suspicious | ClawSafe

45 /100

semanticfs

Semantic filesystem search - replaces grep/find/ls chains with semantic queries

Skill contains a declared but dangerous curl|bash remote script execution pattern for installation, representing an unmitigated supply chain risk.

Skill Namesemanticfs

Duration27.6s

Enginepi

⚠

Use with caution

Replace curl|bash with explicit installation steps or direct binary download with hash verification. Pin the install script to a specific commit or tag.

Attack Chain 3 steps

⬡

Escalation Attacker compromises GitHub repo or modifies install.sh on main branch

SKILL.md:40

⬡

Escalation User follows install instructions, executing malicious code via curl|bash

SKILL.md:40

◉

Impact Attacker gains arbitrary code execution on user's system

install.sh:1

Findings 3 items

Severity	Finding	Location
High	Dangerous curl\|bash remote script execution Supply Chain The install instruction at line 40 uses 'curl -sSfL <URL> \| bash', which downloads and executes arbitrary code from a remote GitHub repository without any integrity verification (no hash check, no version pin, no code review step). `curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh \| bash` → Replace with: 1) Direct binary download with SHA256 verification, 2) Package manager install (pip/brew), or 3) Explicit multi-step instructions showing what the install script does before execution.	`SKILL.md:40`
Medium	Unpinned installation source Supply Chain The GitHub raw URL points to the 'main' branch without a specific commit, tag, or release. The content can change arbitrarily, breaking reproducibility and enabling supply chain attacks. `https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh` → Pin to a specific release tag: https://raw.githubusercontent.com/Navneeth08k/semanticFS/v1.0.0/scripts/install.sh	`SKILL.md:40`
Medium	Undeclared shell execution permissions Priv Escalation SKILL.md instructs users to run multiple shell commands (semanticfs binary, curl, python3 -c) without declaring 'shell:WRITE' in allowed-tools mapping. The shell resource capability is not declared at all. `curl -sSfL ... \| bash; semanticfs --config ~/semanticfs.toml ...` → If shell execution is required for this skill, declare it explicitly in the allowed-tools mapping.	`SKILL.md:40`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	semanticfs index build requires read access to indexed directories
Network	`NONE`	`READ`	✓ Aligned	Queries localhost:9464 API for search results
Shell	`NONE`	`WRITE`	✗ Violation	SKILL.md:40,45,52,55,63 - Runs binary commands and curl without declared shell p…

1 Critical 1 findings

💀

Critical Dangerous Command 危险 Shell 命令

curl -sSfL https://raw.githubusercontent.com/Navneeth08k/semanticFS/main/scripts/install.sh | bash

SKILL.md:40

File Tree

1 files · 4.0 KB · 131 lines

Markdown 1f · 131L

└─ 📝 SKILL.md Markdown 131L · 4.0 KB

Security Positives

✓ Skill behavior is well-documented and transparent about what it does

✓ The tool is read-only (semantic search only, no file modification)

✓ Localhost-only network usage reduces exfiltration risk

✓ GitHub repository provides some accountability (unlike arbitrary URLs)

Scan Report

Attack Chain 3 steps

Findings 3 items

File Tree

Security Positives