clawsec-nanoclaw
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements robust security controls to protect the agent environment. It uses Ed25519 digital signatures to verify the integrity of external advisory feeds and skill packages before they are processed.
- [EXTERNAL_DOWNLOADS]: The skill fetches security advisory data from the vendor's official domain (
clawsec.prompt.security). These requests are restricted to a whitelist of allowed domains and use a secure HTTPS agent with TLS 1.2+ enforcement. - [DATA_EXFILTRATION]: No unauthorized data transfer was detected. Network operations are transparent and strictly limited to fetching threat intelligence and security configurations from trusted vendor infrastructure.
- [COMMAND_EXECUTION]: The skill uses IPC (Inter-Process Communication) to coordinate between the containerized agent and the host service. These operations are governed by strict path validation, preventing access to sensitive files or unauthorized directory traversal.
Audit Metadata