nanoclaw-traffic-guardian

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file contains a shell script for verifying release artifacts. It downloads checksums, signatures, and public keys from the author's official GitHub repository (prompt-security/clawsec). This process follows security best practices by validating artifacts against a hardcoded public key fingerprint before use.
  • [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were detected. The skill's specification (SPEC.md) explicitly requires that CA private keys remain isolated on the host and that all sensitive data is redacted from logs and tool responses.
  • [PROMPT_INJECTION]: The skill describes an architecture that processes untrusted network data, creating a surface for potential indirect prompt injection. However, the specification proactively mandates safety requirements, such as snippet redaction and structured JSON finding schemas, to mitigate these risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:42 AM
Security Audit — agent-trust-hub — nanoclaw-traffic-guardian