claw-code-rust-agent-harness
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to build the binary from source using `cargo build` and execute it locally. It includes an optional step to modify the shell profile (`~/.bashrc`) to add the build directory to the system PATH, which is a standard procedure for CLI tool installation.
- [EXTERNAL_DOWNLOADS]: Downloads source code from a GitHub repository (`github.com/ultraworkers/claw-code`). GitHub is a well-known service and the repository serves as the primary distribution point for this tool.
- [DATA_EXFILTRATION]: The harness is designed to work with sensitive API credentials for Anthropic and OpenAI. These are managed via environment variables, which is a standard and recommended practice for command-line tools. There is no evidence of keys being transmitted to unauthorized third parties.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection as it facilitates the ingestion of local file content into an LLM context via the `--attach` and `@` syntax.
  - Ingestion points: Processes local file content attached via CLI flags in `SKILL.md` examples.
  - Boundary markers: No explicit delimiters or instruction-bypass warnings are defined in the provided CLI examples.
  - Capability inventory: File system read access and network requests to official LLM provider APIs.
  - Sanitization: The documentation references a `navigation-file-context.md` for "secret-safety," though the implementation details of this sanitization are internal to the binary.
Audit Metadata