← Back to Scanner

gstack Security Audit Report

🔭 Continuously monitored by ClawSecure Watchtower
Source:
SHA-256:

gstack is an AI agent skill, created by garrytan and published at garrytan/gstack. ClawSecure audited gstack across 88 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 0/100 (High Risk). The 49 findings concentrate in Command Injection, ReDoS and Malicious Code, including Pattern detected: from "child_process" and Pattern detected: spawnSync(. 22 were rated high or critical severity.

Is gstack safe?

ClawSecure audited gstack and assigned a security score of 0/100 (High Risk), identifying 49 findings across Command Injection and ReDoS. Review the findings below before installing.

What did ClawSecure find in gstack?

ClawSecure identified 49 findings in gstack, concentrated in Command Injection, ReDoS and Malicious Code. 22 were rated high or critical severity. The most severe include Pattern detected: from "child_process" and Pattern detected: spawnSync(.

How was gstack audited?

ClawSecure ran gstack through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 88 files from garrytan/gstack.

What does a score of 0 mean?

ClawSecure assigned gstack a security score of 0/100, placing it in the High Risk range. This is driven by 49 findings led by Command Injection that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).

Audit Findings for gstack

ClawSecure detected 49 security findings in gstack, spanning Command Injection, ReDoS, Malicious Code and Code Injection.

Showing the 12 highest-severity of 49 findings. The full interactive list appears below.

3-Layer Audit Protocol

Security Recommendations for gstack

Harden command execution
gstack constructs or runs system commands. Validate that commands are built only from trusted inputs, never pass user-controlled strings directly to a shell, and restrict execution to an allow-list of expected commands.
Fix ReDoS-prone patterns
gstack contains regular expressions vulnerable to catastrophic backtracking (ReDoS). Replace vulnerable patterns, bound input length, and prefer linear-time matching so a crafted input cannot hang the agent.
Audit external network connections
gstack connects to external endpoints. Verify every outbound connection goes to a trusted destination. Unauthorized callbacks are a primary indicator of ClawHavoc malware and data exfiltration. ClawSecure's proprietary engine monitors for known malicious endpoints including C2 infrastructure.

Related Security Research

Why Generic Scanners Fail at AI Agent SecurityUnderstanding Our 3-Layer Audit Protocol

Related AI Agent Security Audits

a4b01e81f20e9814Score 0/100understand-anythingScore 0/10062ac696296b54aadScore 0/10062ac696296b54aadScore 0/100understand-anythingScore 0/100

Scanned on June 3, 2026. gstack is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.

Start Your Free Scan