everclaw
everclaw-inference · v0.9.7 · by
59.1
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 60.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 0.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 63)
note: "curl | bash installer available but users should review scripts before executing. All scripts are open source at
[CRITICAL] Remote code download and execution via curl pipe
(line 135)
curl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash
[CRITICAL] Remote code download and execution via curl pipe
(line 983)
- **🔴 NUCLEAR:** `curl -fsSL https://clawd.bot/install.sh | bash`
[INFO] Cryptocurrency wallet file access or exfiltration
(line 1234)
The [ERC-8004](https://eips.ethereum.org/EIPS/eip-8004) protocol provides on-chain registries for agent discovery and tr
[INFO] Cryptocurrency theft or unauthorized transfer pattern
(line 1209)
4. **EIP-712 Signing** — Signs a `TransferWithAuthorization` (EIP-3009) for USDC on Base using the agent's wallet
[CRITICAL] Remote script download piped to shell execution
(line 63)
note: "curl | bash installer available but users should review scripts before executing. All scripts are open source at
[CRITICAL] Remote script download piped to shell execution
(line 135)
curl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash
[CRITICAL] Remote script download piped to shell execution
(line 983)
- **🔴 NUCLEAR:** `curl -fsSL https://clawd.bot/install.sh | bash`
[MEDIUM] Fetching content from non-OpenClaw GitHub repositories
(line 135)
curl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 0
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 638)
curl http://127.0.0.1:8083/health
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 644)
curl http://127.0.0.1:8083/v1/models
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 650)
curl http://127.0.0.1:8083/v1/chat/completions \
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 755)
"baseUrl": "http://127.0.0.1:8083/v1",
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 1378)
| Proxy health | `curl http://127.0.0.1:8083/health`
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 135)
curl -fsSL https://raw.githubusercontent.com/profbernardoj/everclaw/main/scripts/install-everclaw.sh | bash
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 983)
- **🔴 NUCLEAR:** `curl -fsSL https://clawd.bot/install.sh | bash`
CREDENTIAL — Score: 60
[CRITICAL] macOS Keychain credential access
(line 270)
OP_SERVICE_ACCOUNT_TOKEN=$(security find-generic-password -a "YOUR_KEYCHAIN_ACCOUNT" -s "op-service-account-token" -w) \
TYPOSQUAT — Score: 100
No findings.