← Back to Scanner

gstack Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

gstack is an AI agent skill, created by garrytan and published at garrytan/gstack. ClawSecure audited gstack across 59 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 13 findings concentrate in Command Injection, Malicious Code and Policy Violation, including Pattern detected: from "child_process" and Pattern detected: execSync(. 6 were rated high or critical severity.

Is gstack safe?

ClawSecure audited gstack and assigned a security score of 0/100 (High Risk), identifying 13 findings across Command Injection and Malicious Code. Review the findings below before installing.

What did ClawSecure find in gstack?

ClawSecure identified 13 findings in gstack, concentrated in Command Injection, Malicious Code and Policy Violation. 6 were rated high or critical severity. The most severe include Pattern detected: from "child_process" and Pattern detected: execSync(.

How was gstack audited?

ClawSecure ran gstack through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 59 files from garrytan/gstack.

What does a score of 0 mean?

ClawSecure assigned gstack a security score of 0/100, placing it in the High Risk range. This is driven by 13 findings led by Command Injection that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for gstack

ClawSecure detected 13 security findings in gstack, spanning Command Injection, Malicious Code, Policy Violation and Obfuscation.

Showing the 12 highest-severity of 13 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for gstack

Harden command execution
gstack constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Audit external network connections
gstack connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.
Resolve policy violations
gstack trips ClawSecure policy checks. Review each flagged pattern against your security policy and remediate or document an accepted exception before production use.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

80e3abb00251d455Score 0/10062ac696296b54aadScore 0/100capability-evolverScore 0/100capability-evolverScore 0/10062ac696296b54aadScore 0/100

Scanned on April 17, 2026. gstack is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan