clawsec-feed

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches release metadata, advisories, and installation artifacts from the vendor's official GitHub repository (prompt-security/clawsec). These downloads are necessary for the skill's stated purpose of threat intelligence monitoring and target established vendor infrastructure.
  • [COMMAND_EXECUTION]: Utilizes local system tools (bash, curl, jq, openssl, shasum, unzip) to manage the installation and polling process. The scripts provided include significant security-conscious features, such as verifying the public key fingerprint and using openssl to verify signed manifests before proceeding with installation.
  • [REMOTE_CODE_EXECUTION]: The installation process involves downloading and extracting a .skill artifact. This execution is protected by a multi-stage verification process including SHA-256 checksums for every file and cryptographic signature verification of the overall manifest to prevent tampering.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:42 AM
Security Audit — agent-trust-hub — clawsec-feed