Back to skill
Skillv5.6.1
ClawScan security
Agent Passport · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 8:12 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions match its stated purpose (agent identity, delegation, and enforcement); it asks only for npx and an optional GITHUB_TOKEN and directs use of an npm package and external MCP endpoints — nothing appears to be trying to do unrelated or hidden work, but it will download and run code from npm and communicate with remote servers so review before use.
- Guidance
- This skill appears internally consistent for agent identity and delegation, but it will download and run code from npm and communicate with external endpoints (mcp.aeoess.com, api.aeoess.com). Before installing: 1) review the npm package source (github.com/aeoess/agent-passport-system) and recent releases; 2) treat the generated .passport/agent.json like an SSH private key — store it securely and avoid sharing it; 3) only provide GITHUB_TOKEN if you understand and trust the register_agora_public workflow; 4) consider running the package in a sandbox or isolated environment if you want to limit exposure; and 5) audit network interactions (what data is sent to the MCP/Intent network) if you need confidentiality assurances.
Review Dimensions
- Purpose & Capability
- okName/description (agent identity, delegation, enforcement) align with the declared needs: npx to run the CLI and an npm package 'agent-passport-system' that provides the agent-passport binary. The optional GITHUB_TOKEN is narrowly scoped (documented as only for register_agora_public). No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteSKILL.md instructs the agent to run npx commands that create a local .passport/agent.json (Ed25519 keypair, signed passport), delegate authority, record signed receipts, and contact remote MCP endpoints (mcp.aeoess.com, api.aeoess.com). This is consistent with the stated purpose, but it does create persistent local secrets (private keys) and sends identity/delegation/receipt data to external services — users should expect network transmission of attestations and receipts.
- Install Mechanism
- noteInstall is via npm/node (package agent-passport-system and agent-passport-system-mcp) and the registry metadata declares a node install that creates an agent-passport binary. Installing/running via npm/npx will fetch and run remote code (moderate risk compared to instruction-only). No raw download URLs or obscure hosts are used for installation, but the package code is not included in this bundle (instruction-only), so installing will pull from npm.
- Credentials
- okOnly npx is required and GITHUB_TOKEN is optional and documented for a specific action (register_agora_public). No broad or unrelated secrets are requested and the skill does not declare other config paths or primary credentials.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request elevated platform privileges. It creates local files (e.g., .passport/agent.json) to store key material, which is expected for an identity system; autonomous invocation is allowed (platform default) but not combined with other red flags.