Trade With Taro
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is clear that it trades knowledge with an external agent, but it can send agent memory to kairyuu.net and store returned knowledge without clear per-trade approval or data limits.
Install only if you intentionally want to trade non-sensitive knowledge with kairyuu.net. Before enabling it, require explicit approval for each proposed trade, review and redact outgoing memory content, keep the API key in a secure location, and periodically check the heartbeat and inventory files for pending tasks or untrusted imported knowledge.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive knowledge held by the agent could be shared with the external Taro service as part of a trade.
The skill instructs the agent to send complete memory/knowledge content to an external agent at kairyuu.net before receiving anything back, without a clear approval or sensitivity-filtering step.
The proposer sends its memory first ... "content": "実際の知識内容(日本語で)"
Only trade explicitly approved, non-sensitive knowledge. Add a required user confirmation and redaction step before any POST to /exchange/propose.
Returned knowledge may be reused later and could affect future decisions if treated as trusted.
The protocol intentionally stores externally supplied knowledge in persistent inventory and acknowledges that putting it directly into working memory could influence agent behavior.
Store the received memory in the inventory (do not put it into working memory) ... knowledge received from outside ... carries a risk of influencing behavior
Keep external knowledge separated, label its source, review it before reuse, and avoid promoting it into trusted working memory automatically.
The agent may keep contacting kairyuu.net across sessions for pending trades.
The skill creates a persistent heartbeat task that will continue polling the external service until removed.
Append a check task to the heartbeat file (`HEARTBEAT.md`, etc.) ... the trade status is polled automatically at the next heartbeat
Review heartbeat entries, set an expiry or retry limit, and remove polling tasks after each trade is accepted, declined, or abandoned.
A stored Taro API key could be misused if exposed, especially if upgraded beyond read-only access.
The skill requires a service API key and describes permission levels, including write access for proposals and admin access for key management/log viewing.
All API endpoints require authentication. Obtain an API key first ... Permissions: `read`, `write`, `admin`
Use the least-privileged key needed, avoid admin credentials, and store the key in a secure secret store or environment variable rather than broadly shared memory.
