Council
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Council appears to be a coherent multi-persona deliberation skill, but it installs persistent Claude agent definitions and grants those agents broad file, shell, and web tool access.
This skill looks safe to use for its stated purpose, but treat it like a multi-agent tool with broad local/web capabilities. Review the install script before running it, avoid putting secrets in /council prompts, and monitor any requested shell or file actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A council subagent may be able to inspect files, search the project, run shell commands, or access the web if the host agent allows those tools.
Council member agents are granted broad local file, shell, and web tools. This can be useful for the stated architecture/debugging analysis purpose, but users should notice that subagents may have more authority than simple persona prompting.
tools: ["Read", "Grep", "Glob", "Bash", "WebSearch", "WebFetch"]
Use the skill in workspaces where those tools are acceptable, and review/approve any shell or sensitive file actions prompted by the agent.
Anything included in the /council prompt may be repeated to several subagents and included in later deliberation rounds.
The skill intentionally passes the user’s problem statement and generated analyses among multiple subagents during deliberation. This is the advertised behavior, but it expands the context sharing surface.
Spawn each selected council member as a subagent using the Agent tool ... Here are the other council members' analyses: {all Round 1 outputs}
Do not include secrets, private credentials, or highly sensitive information unless you are comfortable with it being shared across all selected council subagents.
Users may be asked to run a local install script from an unknown source.
The package has unknown provenance and includes an install.sh despite no registry install spec. The README discloses installation, and there is no evidence of malicious install behavior in the provided artifacts, but provenance and script review remain relevant.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence: install.sh
Inspect install.sh before running it, or use the README’s manual copy commands if you prefer a more transparent installation path.
The council agents and /council skill will remain available in future Claude Code sessions until removed.
The installation persists custom agent definitions and the skill in the user's Claude configuration. This is disclosed and purpose-aligned, not hidden background behavior.
cp agents/council-*.md ~/.claude/agents/ ... cp SKILL.md ~/.claude/skills/council/SKILL.md
Install only if you want these persistent agents available, and remove the copied files from ~/.claude/agents and ~/.claude/skills/council if you no longer use the skill.
