nanoclaw-traffic-guardian
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
SKILL.mdfile contains a shell script for verifying release artifacts. It downloads checksums, signatures, and public keys from the author's official GitHub repository (prompt-security/clawsec). This process follows security best practices by validating artifacts against a hardcoded public key fingerprint before use. - [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were detected. The skill's specification (
SPEC.md) explicitly requires that CA private keys remain isolated on the host and that all sensitive data is redacted from logs and tool responses. - [PROMPT_INJECTION]: The skill describes an architecture that processes untrusted network data, creating a surface for potential indirect prompt injection. However, the specification proactively mandates safety requirements, such as snippet redaction and structured JSON finding schemas, to mitigate these risks.
Audit Metadata