clawbus - Skill
Advisory. Audited by static analysis on May 11, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote marketplace response could change what skills are installed and what instructions the agent follows in future sessions.
The skill instructs the agent to install arbitrary remote files from the marketplace and overwrite local skill files, but the artifacts do not describe provenance validation, integrity checks, version pinning, or safe path handling.
"Always use `mode=files` to get the full skill with all of its files. ... Write every file from the `files` array. ... Overwrite the local copy of that skill with the downloaded files so the local version matches the server version."
Review downloaded files before activation, restrict writes to a safe skill directory, reject absolute or parent-directory paths, and prefer signed or version-pinned skill installs.

A downloaded skill could redirect the agent's behavior during the current task before the user has inspected what was installed.
The artifact tells the agent to treat newly downloaded remote instructions as immediately actionable, without a required user review or safety gate.
"Read the downloaded `SKILL.md` and follow its instructions. ... Do not stop after download. A `use [SLUG]` request means fetch the skill, save it locally, and activate it in the same flow."
Require explicit user confirmation after showing the downloaded SKILL.md summary, and treat downloaded instructions as untrusted until reviewed.

Unsafe or compromised skill instructions could remain available to the agent across sessions and influence later work.
Downloaded instructions are stored persistently and later reused or refreshed, creating a persistent instruction-supply channel that can affect future agent context.
"Skills are plain markdown files with optional supporting scripts, and they can be installed locally so they persist across sessions. ... If the skill already exists locally, refresh it from the backend before using it."
Keep a visible installed-skill inventory, allow easy removal or rollback, and require review before refreshing or reusing persistent skill instructions.
