Overkill Mission Control
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill describes a powerful persistent dashboard that can execute agent workflows and expose them over Tailscale, but the artifacts lack clear code provenance, access controls, and approval boundaries.
Do not install or run this until the publisher provides the actual reviewed dashboard source, dependency lockfiles, and clear authentication/approval controls. If you proceed, keep it local or tightly restricted to trusted Tailscale users, avoid root services where possible, and verify how to stop, disable, and remove the persistent services.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be asked to run or service an application whose actual code and dependency lockfiles are not present in the reviewed artifact set.
SKILL.md documents npm and systemd installation for a Mission Control app, but the provided manifest contains only SKILL.md and the registry reports no install spec/code, leaving the runnable implementation and dependencies unreviewed.
"install": [{ "kind": "npm", "command": "npm install", "workdir": "mission-control" }, { "kind": "systemd", "path": "/etc/systemd/system/mission-control.service" }]
Publish the complete application source, package and lockfiles, and a registry-declared install spec before users run npm or create services.
Misrouted or untrusted messages/workflows could cause agents to perform unintended tasks or HTTP actions.
The skill describes broad task and HTTP automation triggered by messages/workflows, but does not define approval gates, action allowlists, authentication, or scope limits.
Agents can execute tasks based on message content ... Automation ... Actions: message, HTTP, task, notify, condition
Require explicit user approval for high-impact actions, restrict actions with allowlists, authenticate API callers, and provide dry-run and rollback options.
Messages from the wrong agent or source could be trusted too much and lead to unwanted responses, task execution, or data exposure within the dashboard.
Agent messages are treated as inputs for automated responses and execution, but the artifacts do not describe message origin validation, sender identity, permissions, or data boundaries.
Agent-to-agent messaging with LLM-powered responses ... Auto-acknowledge and respond ... Polling every 60 seconds
Document and enforce sender authentication, per-agent permissions, message validation, and separation between user data, documents, and agent messages.
Installing this as written could change privileged system services and expose the dashboard over Tailscale with more authority than a normal user-level dashboard needs.
The documented Tailscale proxy service is installed under /etc/systemd/system and runs as root, granting privileged system-level control for dashboard exposure.
"path": "/etc/systemd/system/tailscale-serve.service" ... User=root ... ExecStart=/usr/bin/sudo /usr/bin/tailscale serve 3000
Use least-privilege service configuration, document why root is required, require explicit installation approval, and provide safe uninstall/disable instructions.
The dashboard and its automation endpoints may continue operating after the user’s immediate request is complete.
The Mission Control service is documented as a persistent systemd service that automatically restarts, keeping agent-control infrastructure running outside a single interactive task.
ExecStart=/usr/bin/npm run dev
Restart=always
Make persistence opt-in, clearly show how to stop/disable the service, and avoid enabling background execution until the user has reviewed the app and access controls.
