clawsec-feed
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches release metadata, advisories, and installation artifacts from the vendor's official GitHub repository (prompt-security/clawsec). These downloads are necessary for the skill's stated purpose of threat intelligence monitoring and target established vendor infrastructure.
- [COMMAND_EXECUTION]: Utilizes local system tools (bash, curl, jq, openssl, shasum, unzip) to manage the installation and polling process. The scripts provided include significant security-conscious features, such as verifying the public key fingerprint and using openssl to verify signed manifests before proceeding with installation.
- [REMOTE_CODE_EXECUTION]: The installation process involves downloading and extracting a .skill artifact. This execution is protected by a multi-stage verification process including SHA-256 checksums for every file and cryptographic signature verification of the overall manifest to prevent tampering.
Audit Metadata