Drission Agent
Review
Audited by ClawScan on May 10, 2026.
Overview
The package does not show data theft or destruction, but its claimed human-only safety wrapper is missing while it includes a local browser-control relay.
Review this skill carefully before installing. Do not set SOTA_NUCLEAR_CONFIRMED or start the relay on a personal browser session unless you are in an isolated sandbox. Ask the publisher to provide and review the missing secure_wrapper.py, requirements.txt, and referenced automation scripts before trusting the claimed security controls.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust safety controls that are not actually present in the reviewed package.
The provided package does not include secure_wrapper.py, and the included scripts use only an environment-variable gate, so the strong safety and human-interaction claims are not backed by the supplied artifacts.
"secure_wrapper.py": **The ONLY entry point.** ... "AI Agents are physically unable to run any part of this toolkit without human interaction."
Do not rely on the claimed wrapper or human challenge unless the missing file is supplied and reviewed; treat direct script execution as possible whenever the gate environment variable is set.
The package cannot be verified as described, and users may need to obtain unreviewed files to make the documented workflow work.
SKILL.md references requirements.txt, secure_wrapper.py, force_takeover.py, and ultra_experiment.py, but those files are absent from the supplied manifest, leaving the declared install path, safety wrapper, and capabilities incomplete.
4 file(s): SKILL.md, _meta.json, scripts/main_engine.py, scripts/python_relay.py
Ask the publisher to include all referenced files, pin dependencies, and ensure the reviewed manifest matches the documented entry points and capabilities.
If started, local processes or agents that can connect to the relay could interact with the browser automation endpoint during the relay lifetime.
The script creates a local unauthenticated TCP bridge from port 9223 to 9222, commonly associated with browser DevTools control. It is local and time-limited, but this high-impact browser-control path lacks the claimed wrapper challenge in the provided artifacts.
server.bind(('127.0.0.1', local_port)) ... target_sock = socket.create_connection(('127.0.0.1', remote_port), timeout=5) ... SecureRelay().start(9223, 9222)
Run the relay only in an isolated sandbox, keep Chrome remote-debugging sessions separate from personal browsing, and require an explicit reviewed approval flow before starting it.
