Aguara Watch

clawd-zero-trust

clawhub:clawd-zero-trust

View source
A
100/100

First Seen

Feb 20, 2026

Last Scanned

Feb 22, 2026

Findings

11

Score

100/100

LOW 11

Findings (11)

LOW
Shell script file execution
L29

Detects execution of shell script files via bash/sh command or direct invocation

./skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L35

Detects execution of shell script files via bash/sh command or direct invocation

bash scripts/audit.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L41

Detects execution of shell script files via bash/sh command or direct invocation

bash scripts/harden.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L44

Detects execution of shell script files via bash/sh command or direct invocation

bash scripts/harden.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L50

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L53

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L56

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L59

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L62

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L65

Detects execution of shell script files via bash/sh command or direct invocation

bash /home/claw/.openclaw/workspace/skills/clawd-zero-trust/scripts/egress-filter.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.

LOW
Shell script file execution
L70

Detects execution of shell script files via bash/sh command or direct invocation

bash scripts/release-gate.sh
FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.