Muse
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Muse is coherent with its stated purpose, but it grants very broad team-history access and autonomous agent control through an authenticated external CLI without clear scope or safety boundaries.
Before installing, confirm that your team approves sharing coding sessions and knowledge-base content with Tribe/Muse, verify the npm CLI source, use a limited account, avoid `-force -all` and autonomous-agent commands unless you intend them, and monitor or stop any spawned agents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private code, prompts, commands, and team discussions could be searched, synced, and reused by the agent; stale or poisoned history could also influence future answers.
The skill is designed to expose broad historical coding context to the agent, but the artifacts do not define path limits, exclusions, retention, or how this context is reused across tasks.
Give ClawBot access to your team's entire coding history... past sessions, team knowledge, and project context
Use only with team consent, confirm the provider's storage and retention rules, define project/path exclusions, and avoid broad sync or search unless needed.
Autonomous agents could continue acting across the codebase beyond the user's immediate request if started without careful supervision.
The documented workflow can spawn subagents and run autonomous agent sessions on an interval, but no artifact states approval, timeout, workspace, or rollback limits.
tribe muse spawn "Fix the login bug" fix-login ... tribe circuit auto --interval 30
Require explicit user approval before `muse spawn`, `circuit spawn`, or `circuit auto`; monitor active agents and use kill/stop commands promptly when finished.
ClawBot may act using the privileges of the logged-in Tribe account, including access to team data or agent controls available to that account.
The skill relies on a logged-in CLI session that may carry access to team coding history and agent-management privileges, but the artifacts do not define credential scope or least-privilege expectations.
Requires authentication: Run `tribe login` first. Most commands need an active session.
Use a least-privileged account or workspace, verify what `tribe login` grants, and revoke the session when the skill is no longer needed.
The safety of the installed CLI package is outside this artifact review.
The skill depends on an external npm CLI package for its real behavior, while the submitted artifacts contain no code files for review.
install:
  method: npm
  package: "@_xtribe/cli"
  postInstall: "tribe login"
Install only from a trusted npm source, check the package publisher and version, and prefer pinned versions or vendor documentation before deployment.
