clawsweeper-status
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill executes a local shell script (clawsweeper-status.sh) to fetch repository status information. The script uses the official GitHub CLI ('gh') and 'jq' for data processing.
- [SAFE]: Although the skill processes untrusted data from GitHub (issue comments and PR titles), the script applies sanitization via 'jq' filters to remove control characters and limit output length before display.
- [SAFE]: The script uses temporary directories for intermediate JSON storage and ensures they are cleaned up upon exit using a trap mechanism.
- [SAFE]: No evidence of credential exfiltration, obfuscation, or unauthorized command execution was found. The use of hardcoded local paths in the documentation matches the author's specified development environment.
Audit Metadata