v1.0.0

Ai Compound 1.0.1

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

Review before installing: this skill is coherent but sets up automated memory jobs that scan sessions, rewrite agent memory/instructions, and commit changes without clear limits or approval steps.

GuidanceInstall only if you want persistent automated agent memory. Before enabling cron or launchd, restrict the workspace and session sources, exclude secrets, require review before MEMORY.md or AGENTS.md changes, disable automatic git pushes, and verify any external npx package first.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Set up automated nightly review (cron) ... 0 * * * * /opt/homebrew/bin/clawdbot cron run compound-hourly

The skill encourages scheduled background automation that continues running hourly or nightly and modifies memory files after setup.

User impactThe agent may keep changing memory or project files on a schedule even when the user is not actively supervising it.

RecommendationInstall recurring jobs only in a scoped test workspace, document how to disable them, log all changes, and require explicit approval before recurring jobs write files.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Update MEMORY.md and AGENTS.md ... Commit and push changes

The workflow authorizes automated mutation of agent instruction files and version-control state, including pushing changes, but does not define a safe diff/review/rollback process.

User impactIncorrect memories or workflow changes could be committed to a repository and then affect future agent behavior or collaborators.

RecommendationUse dry-run diffs, require human approval before AGENTS.md changes or git pushes, restrict the target repository/branch, and keep rollback instructions.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

npx compound-engineering review ... npx compound-engineering setup-cron

The skill points users to an external npm-executed command, while the provided artifact set contains no package code, lockfile, or pinned version for that executable.

User impactRunning the npx commands may execute code that was not included in this review.

RecommendationVerify the npm package source and version before running npx commands, pin the version, and prefer reviewed local scripts for cron setup.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceMediumStatusNote

SKILL.md

Commit and push changes

Pushing changes uses whatever repository write authority is available in the environment, but the skill does not scope the remote, branch, or approval requirements.

User impactA scheduled review could publish memory or instruction changes to a shared repository if git credentials are available.

RecommendationUse a dedicated repository or branch, avoid automatic pushes, and require explicit approval before using any account or repository write access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityHighConfidenceHighStatusConcern

SKILL.md

Review all sessions from the last 24 hours... Update MEMORY.md with a summary. Update memory/YYYY-MM-DD.md with details. Commit changes to git.

The skill stores extracted session content, preferences, decisions, and lessons into persistent memory files that future agents will reuse, without clear source labeling, redaction, approval, retention, or exclusion boundaries.

User impactPrivate session details or mistaken/untrusted content could become long-term agent memory and influence future work.

RecommendationRequire review before writing memory, redact secrets, label sources and dates, limit which sessions/projects are reviewed, and avoid updating long-term memory automatically.