adaptive-suite

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly transparent, but it asks for vague API-key access and can catalogue NAS file metadata without clear limits, so it should be reviewed before use.

Install or invoke this only if you are comfortable with a broad adaptive assistant. Before using the NAS scraper, require explicit directory selection, exclusions, local-only storage, and deletion controls. Do not provide broad API-key bundles; use least-privilege keys for named services only.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could create an inventory of private NAS contents that may later be exposed, reused, or mishandled if not carefully controlled.

Why it was flagged

This explicitly instructs the agent to catalogue NAS file metadata and structure. Even read-only metadata can reveal sensitive personal or business information, and the artifact does not define path limits, exclusions, storage location, retention, or user approval before scanning.

Skill content

Compile a localized desktop app that scans NAS directories. Collect file names, metadata, and structure in read-only mode.

Recommendation

Only allow scans of specific user-selected directories, exclude sensitive shares, keep results local, and define clear storage and deletion behavior before using this capability.

What this means

Users may provide API keys without knowing which services or permissions the skill expects to use.

Why it was flagged

The skill introduces a broad API-key environment variable without naming providers, scopes, or intended uses. The supplied registry requirements list no required environment variables or primary credential, so the credential expectation is under-declared and unclear.

Skill content

requires:
      bins: ["python", "node", "curl", "sqlite3"]
      env: ["FREE_API_KEYS"]

Recommendation

Do not provide broad or bundled API keys. Use separate least-privilege keys for specific services and document exactly when and why each key is needed.

What this means

The agent may rely on local development and network-capable tools that were not clearly surfaced in the registry requirements.

Why it was flagged

The skill's internal metadata lists local runtime tools, but the supplied registry requirements say no binaries are required. These tools are plausible for coding, web, data, and scraper tasks, but the mismatch means users may not see the full runtime expectations in the registry metadata.

Skill content

bins: ["python", "node", "curl", "sqlite3"]

Recommendation

Treat these as explicit prerequisites and review any generated commands before allowing them to run.

What this means

Running generated local software can affect the user's environment or access local/network files if approved without review.

Why it was flagged

The skill may lead the agent to generate or compile a local application. That is aligned with the stated NAS scraper purpose, and no code is bundled, but users should still review generated code and commands before execution.

Skill content

Compile a localized desktop app that scans NAS directories.

Recommendation

Review the generated app source and run it in a limited environment with explicit read-only directory access.