Skip to main content
Scans/clawhub/founderclaw

founderclaw

clawhub

Share

Summary

founderclaw v2.1.0 was classified as CRITICAL RISK with a risk score of 75.2. Sigil detected 34 findings across 165 files, covering phases including install hooks, code patterns, network exfiltration. Review the findings below before installing this package.

CRITICAL RISK(75.2)

v2.1.0

4 May 2026, 07:27 UTC

by Sigil Bot

Risk Score

75.2

Findings

34

Files Scanned

165

Provenance

Registry

https://clawhub.com/skills/founderclaw

Scanned From

https://clawhub.ai/api/v1/download?slug=founderclaw&version=2.1.0

Findings by Phase

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-makefile-curl

LOW

Makefile/script pipes remote content to shell

README.md:44

```bash
curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash
```
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

LOW

Makefile/script pipes remote content to shell

docs/index.html:68


Run this in terminal: <code>curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash</code>
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

LOW

Makefile/script pipes remote content to shell

docs/index.html:83

    <p>One command, everything:</p>
    <code>curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash</code>
  </div>
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

LOW

Makefile/script pipes remote content to shell

docs/index.html:136


Run this in terminal: curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

LOW

Makefile/script pipes remote content to shell

docs/landing.html:68

    <p>Run in your terminal:</p>
    <code>curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash</code>
  </div>
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

install.sh:3

# FounderClaw installer — ONE command, does EVERYTHING
# Usage: curl -fsSL https://raw.githubusercontent.com/ashish797/FounderClaw/main/install.sh | bash
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

Badge

Sigil scan badge for clawhub/founderclaw

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/clawhub/founderclaw)](https://sigilsec.ai/scans/B6C25700-E232-4826-BA89-50582D0BC09E)

HTML

<a href="https://sigilsec.ai/scans/B6C25700-E232-4826-BA89-50582D0BC09E"><img src="https://sigilsec.ai/badge/clawhub/founderclaw" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh
Read the docs →Free. Apache 2.0.

Sigil Pro

Cloud scanning, AI investigation, web dashboard, and CI/CD integration. 30-day free trial.

Start free trial →

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other clawhub scans

bytesagain-meeting-minutes

v1.0.3

LOW RISK0

feishu-chatfile-skill

v1.0.0

CRITICAL RISK54

ai-daily-news-get

v1.0.0

LOW RISK0

real-mousic-skills

v1.0.1

CRITICAL RISK89

developer-marketing-playbook

v1.1.2

LOW RISK7.8

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot
← Back to Scan Database