v1.3.0

Muse

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

Muse is transparent about its purpose, but it requests broad authenticated access to coding history and can sync knowledge or run autonomous agents, so it should be reviewed carefully before installation.

Guidance: Install only if you trust Tribe/Muse and are comfortable granting authenticated access to your team's coding history. Before using it, confirm package provenance, restrict the connected account and projects, understand where synced knowledge is stored, and avoid broad sync or autonomous modes until you have clear approval and monitoring.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
install:
  method: npm
  package: "@_xtribe/cli"
  postInstall: "tribe login"

The skill relies on an external npm CLI and login flow, while the registry says there is no install spec and no required credential. Because this CLI is the gateway to sensitive history and agent control, the under-declared install path is material.

User impact: Installing may require trusting and authenticating an external CLI package that is not clearly surfaced in the registry metadata.
Recommendation: Verify the npm package publisher, version, and source before installing; the registry should declare the required binary, install method, and authentication requirement.
Rogue Agents
Severity: High | Confidence: High | Status: Concern
SKILL.md
orchestrate autonomous agents... tribe muse start... tribe muse spawn "Fix the login bug" fix-login... tribe circuit auto --interval 30

The skill includes leader agents, spawned subagents, and an auto-running circuit mode, but does not specify containment, stop conditions, permission checks, or user approval requirements for autonomous work.

User impact: Autonomous agents could continue acting on codebase tasks or generating changes beyond a single explicit user request.
Recommendation: Only use autonomous modes with clear task boundaries, monitoring, and manual approval for code changes, external actions, or long-running work.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Give ClawBot access to your team's entire coding history... Requires authentication: Run `tribe login` first. Most commands need an active session.

The artifacts explicitly request authenticated access to broad team coding history, but do not define least-privilege scopes, account boundaries, or what data the active session can access.

User impact: A connected account could expose sensitive team code history, prior prompts, commands, files, and project context to the skill's workflows.
Recommendation: Use a least-privilege account or workspace, confirm team approval, and verify exactly which repositories, sessions, and projects the Tribe login can access.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
SKILL.md
Search across all coding sessions... tribe extract <session-id> --type code... tribe kb sync... tribe kb extract... Force sync: `tribe -force` (current folder) or `tribe -force -all` (everything).

The skill supports broad retrieval, extraction, syncing, and reuse of prior sessions and knowledge-base content, including code, commands, files, and potentially everything, without clear exclusions, retention limits, or trust rules for reused context.

User impact: Private code, commands, notes, and session history may be indexed, synced, or reused in future agent work, including when stale or untrusted content is present.
Recommendation: Define allowed projects and file types, exclude secrets and private notes, review retention/sync behavior, and avoid `-force -all` unless the scope is fully understood.
Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Spawn and interact with subagents:
tribe muse spawn "Fix the login bug" fix-login
tribe muse prompt fix-login "Please also add tests"
tribe muse output fix-login 100
tribe muse review fix-login

The skill routes tasks, prompts, outputs, and reviews through subagents, but the artifacts do not describe subagent identity, permissions, isolation, or what session/project data each subagent can see.

User impact: Sensitive project context or instructions may be shared across multiple agents without clearly defined boundaries.
Recommendation: Require explicit user approval before sharing sensitive context with subagents and document agent identities, permissions, and data-sharing limits.