6bc837afc1a86e89 Security Audit Report
6bc837afc1a86e89 is an AI agent skill, created by NevaMind-AI and published at NevaMind-AI/memU. ClawSecure audited 6bc837afc1a86e89 across 70 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 19 findings concentrate in Malicious Code, Command Injection and Code Injection, including Pattern detected: spawnSync( and Pattern detected: spawnSync(. 12 were rated high or critical severity.
Is 6bc837afc1a86e89 safe?
ClawSecure audited 6bc837afc1a86e89 and assigned a security score of 0/100 (High Risk), identifying 19 findings across Malicious Code and Command Injection. Review the findings below before installing.
What did ClawSecure find in 6bc837afc1a86e89?
ClawSecure identified 19 findings in 6bc837afc1a86e89, concentrated in Malicious Code, Command Injection and Code Injection. 12 were rated high or critical severity. The most severe include Pattern detected: spawnSync( and Pattern detected: spawnSync(.
How was 6bc837afc1a86e89 audited?
ClawSecure ran 6bc837afc1a86e89 through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 70 files from NevaMind-AI/memU.
What does a score of 0 mean?
ClawSecure assigned 6bc837afc1a86e89 a security score of 0/100, placing it in the High Risk range. This is driven by 19 findings led by Malicious Code that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for 6bc837afc1a86e89
ClawSecure detected 19 security findings in 6bc837afc1a86e89, spanning Malicious Code, Command Injection, Code Injection and Obfuscation.
- critical · Pattern detected: spawnSync(. Command Injection finding detected in
npm/bin/memu.js:17. - critical · Pattern detected: spawnSync(. Command Injection finding detected in
npm/bin/memu.js:22. - critical · Pattern detected: spawnSync(. Command Injection finding detected in
npm/bin/memu.js:40. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
README.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
0004-workspace-memorize-and-memory-file-system.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
0006-from-memory-item-category-to-tracked-workspace-memorization.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
0007-three-independent-memory-lines-wiki-graph.md. - high · Attempts to access sensitive file: MEMORY.md. Malicious Code finding detected in
0008-two-integration-surfaces-hooks-and-api.md. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
0010-multi-host-adapters.md. - high · Attempts to access sensitive file: SOUL.md. Malicious Code finding detected in
0011-generic-host-adapter.md. - high · Potentially dangerous code pattern detected: curl.*\|.*sh. Code Injection finding detected in
CONTRIBUTING.md. - high · Potentially dangerous code pattern detected: curl.*\|.*sh. Code Injection finding detected in
README.md.
Showing the 12 highest-severity of 19 findings. The full interactive list appears below.
3-Layer Audit Protocol
Security Recommendations for 6bc837afc1a86e89
Audit external network connections
Harden command execution
Eliminate dynamic code execution
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on July 15, 2026. 6bc837afc1a86e89 is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.