Agent Native Design
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: agent-native-design Version: 1.3.3 The skill bundle is a legitimate framework for designing agent-native CLIs, but it is classified as suspicious due to the 'Step 0' update logic in SKILL.md. This section instructs the AI agent to execute shell commands, including 'git ls-remote' and 'git pull', to update the skill's own source code from its GitHub repository (https://github.com/Agents365-ai/agent-native-design). While the instructions mandate explicit user consent and the README.md changelog indicates this replaced a previous 'silent' update mechanism to improve security, the capability for an agent to perform self-directed code modification via remote git operations constitutes a significant risky behavior and a potential supply-chain attack surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you apply this guidance to real CLIs, agents may be given tokens that let them act with the token holder's permissions.
The skill teaches CLI designs where agents may operate with delegated tokens or profiles from environment-level configuration. This is expected for auth-aware CLI design, but it touches credential authority.
Human/system obtains auth token or credentials ... Set trusted env vars: token, profile, safety mode
Use short-lived, least-privilege tokens; clearly document required env vars; keep the human or platform in charge of login and token rotation.
If you approve an update, new upstream content could alter how the skill guides your agent.
The README documents an update-check/pull workflow for Git-installed copies. It is disclosed and requires consent, but accepting an update changes the installed skill's future instructions.
Notifies and asks — surfaces the actual version delta (`vX.Y.Z → vA.B.C`) and pulls only with explicit user consent
Install from a trusted source, prefer pinned or registry versions when possible, and review version changes before approving a pull.