Arbiter

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its human-review purpose, but its push command builds a file path from an unsanitized agent value, so crafted input could write review files outside the intended queue.

Review carefully before installing. The skill's purpose is sensible, but wait for or apply a fix that confines arbiter-push writes to the Arbiter queue, and avoid sending secrets or highly sensitive project details through the human-review channel unless you trust the Arbiter Zebu and Telegram setup.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted plan request or environment value could create a markdown file in an unintended existing directory under the user's permissions, instead of only in the Arbiter queue.

Why it was flagged

The user-controllable agent value is not slugified or checked before being placed into a path. If it contains path separators such as ../, Node's join can resolve the output outside the intended pending queue.

Skill content

const agent = args.agent || process.env.CLAWDBOT_AGENT || 'unknown'; ... const filename = `${agent}-${slugify(args.title)}-${id}.md`; const filepath = join(getQueueDir('pending'), filename); ... writeFileSync(filepath, content, 'utf-8');

Recommendation

Sanitize or slugify the agent value, reject /, \, and .. components, and after path construction resolve the path and verify it remains under ~/.arbiter/queue/pending before writing.

What this means

Installing globally gives the package's CLI code local execution ability, so users need to trust the published package or repository.

Why it was flagged

The installation paths are user-directed and normal for a CLI, but they rely on external package/GitHub provenance outside a registry install spec.

Skill content

bun add -g arbiter-skill ... git clone https://github.com/5hanth/arbiter-skill.git ... npm install && npm run build

Recommendation

Prefer a reviewed/pinned install source, pin package versions or commits where possible, and verify the package before global installation.

What this means

Decision text may be visible to the Arbiter bot, the configured human reviewer, and Telegram, depending on the external Arbiter Zebu setup.

Why it was flagged

The skill is designed to pass decision context through a local queue to another bot and human reviewer, with answers later consumed by the agent.

Skill content

Arbiter Zebu bot detects new file ... Human reviews & answers in Telegram ... Agent picks up answers

Recommendation

Only include context appropriate for that reviewer/channel, avoid secrets in decision prompts, and ensure the Arbiter Zebu bot and Telegram reviewer are trusted.