Version
1.2.2
Status: pending_audit
Created: 1/16/2026, 8:01:26 PM
LatestaiWARN
Risk: mediumStarted: 1/16/2026, 8:02:15 PMCompleted: 1/16/2026, 8:02:22 PM
View report details
{
"notes": "Placeholders for tokens in snippets are environment variables; no hardcoded secrets observed.",
"risks": [
{
"category": "network",
"evidence": "Scripts reference fetching/downloading docs: readme shows ./scripts/fetch-doc.sh and build-index.sh fetch; fetch-doc.sh echoes https://docs.clawd.bot/$1",
"severity": "medium",
"recommendation": "Declare outbound network access to docs.clawd.bot in the skill metadata and ensure requests are limited to documentation domains."
},
{
"category": "filesystem",
"evidence": "Scripts build local cache/index and track changes (build-index.sh, cache.sh, track-changes.sh).",
"severity": "low",
"recommendation": "Document filesystem usage and ensure writes are limited to the skill’s workspace."
}
],
"summary": "Skill provides documentation tooling with scripts that fetch and index docs from docs.clawd.bot; network usage is implied but not declared in manifest. No obfuscation or exfiltration detected.",
"verdict": "warn",
"allowNetwork": [
"docs.clawd.bot"
],
"requireHumanReview": true
}dependencyWARN
Risk: mediumStarted: 1/16/2026, 8:02:15 PMCompleted: 1/16/2026, 8:02:15 PM
View report details
{
"requires": {
"env": [],
"bins": [],
"config": [],
"anyBins": []
},
"installers": [],
"references": {
"tools": [],
"connectors": []
},
"dependencies": []
}licensePASS
Risk: lowStarted: n/aCompleted: n/a
View report details
{
"license": "MIT",
"allowlisted": true
}metadataPASS
Risk: lowStarted: n/aCompleted: n/a
View report details
{
"name": "Clawdbot Documentation Expert",
"type": "tool",
"license": "MIT",
"version": "1.2.2",
"homepage": "https://clawdhub.com/NicholasSpisak/clawddocs",
"security": {
"openSource": true,
"safeListed": false,
"auditRequired": true,
"requireSource": false,
"requiresAudit": true,
"repositoryHost": null,
"declaredOpenSource": true,
"declaredAuditRequired": null,
"repositoryHostAllowed": null
},
"repository": null,
"description": "Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features",
"sourceBytes": 5082,
"capabilities": [
"documentation-search",
"documentation-fetch",
"configuration-generation"
],
"sourceCommit": null,
"sourceSha256": "ce21f132bfa567e22667c9b83a3f4ea29cedc554c98f79b56ed588db374b6ff2"
}sandboxPASS
Risk: lowStarted: 1/16/2026, 8:02:15 PMCompleted: 1/16/2026, 8:02:15 PM
View report details
{
"reason": "sandbox deferred in v1",
"skipped": true
}staticPASS
Risk: lowStarted: 1/16/2026, 8:02:15 PMCompleted: 1/16/2026, 8:02:15 PM
View report details
{
"flags": [],
"fileCount": 10,
"sourceScan": {
"totalFiles": 10,
"scannedFiles": 10,
"skippedBytes": 0,
"skippedFiles": 0,
"suspiciousFiles": [
{
"path": "SKILL.md",
"reasons": [
"network"
],
"excerpts": [
" - Webhooks → `automation/webhook`",
"./scripts/fetch-doc.sh gateway/configuration # Get specific doc",
"./scripts/build-index.sh fetch # Download all docs"
]
},
{
"path": "scripts/build-index.sh",
"reasons": [
"network"
],
"excerpts": [
" fetch)",
" echo \"Usage: build-index.sh {fetch|build|search <query>}\""
]
},
{
"path": "scripts/fetch-doc.sh",
"reasons": [
"network"
],
"excerpts": [
"# Fetch a specific doc",
" echo \"Usage: fetch-doc.sh <path>\"",
"echo \"Fetching: https://docs.clawd.bot/$1\""
]
},
{
"path": "snippets/common-configs.md",
"reasons": [
"secrets"
],
"excerpts": [
" \"token\": \"${DISCORD_TOKEN}\",",
" \"token\": \"${TELEGRAM_TOKEN}\""
]
}
]
}
}