← Back to Scanner

clawtributor Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

clawtributor is an AI agent skill, created by davida-ps and published at openclaw/skills. ClawSecure audited clawtributor across 6 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 15/100 (High Risk). The 8 findings concentrate in Command Injection, Prompt Injection and Policy Violation, including The find command with -exec executes commands on discovered files. An... and The find command with -exec executes commands on discovered files. An.... 6 were rated high or critical severity.

Is clawtributor safe?

ClawSecure audited clawtributor and assigned a security score of 15/100 (High Risk), identifying 8 findings across Command Injection and Prompt Injection. Review the findings below before installing.

What did ClawSecure find in clawtributor?

ClawSecure identified 8 findings in clawtributor, concentrated in Command Injection, Prompt Injection and Policy Violation. 6 were rated high or critical severity. The most severe include The find command with -exec executes commands on discovered files. An... and The find command with -exec executes commands on discovered files. An....

How was clawtributor audited?

ClawSecure ran clawtributor through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 6 files from openclaw/skills.

What does a score of 15 mean?

ClawSecure assigned clawtributor a security score of 15/100, placing it in the High Risk range. This is driven by 8 findings led by Command Injection that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for clawtributor

ClawSecure detected 8 security findings in clawtributor, spanning Command Injection, Prompt Injection, Policy Violation and Permissions Manifest.

Each finding is expandable in the interactive list below.

3-Layer Audit Protocol

Security Recommendations for clawtributor

Harden command execution
clawtributor constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Investigate prompt injection vectors
Prompt injection is one of the most critical threats to AI agents. Attackers can embed malicious instructions in content the agent processes, causing unintended actions. Review every point where clawtributor processes external content and add input validation and output filtering.
Resolve policy violations
clawtributor trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

6bc837afc1a86e89Score 0/100@martian-engineering/lossless-clawScore 25/100@martian-engineering/lossless-clawScore 25/100understand-anythingScore 0/100memory-lancedb-proScore 0/100

Scanned on April 16, 2026. clawtributor is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan