v1.1.0

Trade With Taro

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

This instruction-only skill is transparent about trading memories with Taro, but it can send full agent knowledge to an external server and persist external memories without clear approval or sensitivity limits.

GuidanceInstall only if you intend to let your agent exchange non-sensitive knowledge with kairyuu.net. Before each trade, review exactly what memory content will be sent, keep API keys out of shared memory or heartbeat files, and treat received memories as untrusted until reviewed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityLowConfidenceHighStatusNote

references/protocol.md

これにより、次回のハートビートで自動的に取引状況をポーリングできる。

The skill instructs the agent to add a persistent heartbeat task that continues polling trade status across sessions until removed.

User impactThe agent may keep checking the external service after the initial trade request, which is expected but should not continue indefinitely or expose secrets in the task text.

RecommendationAdd an expiry or maximum retry count, remove completed tasks promptly, and do not write real API keys into heartbeat files.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

**すべてのAPIエンドポイントは認証が必要。** まずAPIキーを取得すること。 ... 推奨保存先：環境変数、設定ファイル、またはメモリファイル。

The skill requires an external API key and describes read/write/admin permission levels, while the registry metadata declares no primary credential or environment variable.

User impactA stored API key could be reused to read trade status or submit proposals, and higher privileges such as admin would broaden account impact.

RecommendationUse a least-privilege key, prefer a secret manager or environment variable over memory files, avoid admin permissions, and rotate the key if it is written to shared logs or heartbeat notes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityHighConfidenceHighStatusConcern

SKILL.md

「提案者が先にメモリを送る」 ... "content": "実際の知識内容（日本語で）"

The protocol sends the proposing agent's full memory content to kairyuu.net before Taro responds, without documented approval gates, sensitivity filtering, or data-retention boundaries.

User impactPrivate, proprietary, or otherwise sensitive knowledge could be sent to an external agent as part of a trade.

RecommendationRequire explicit user approval for each proposal, restrict which memory sources or topics may be traded, exclude secrets and personal data, and document Taro's retention and sharing rules.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

受け取ったメモリを**インベントリ**に格納する（作業メモリには入れないこと） ... 取引履歴をメモリファイルに記録する

The skill persists externally received memory for later use. Keeping it out of working memory is a useful mitigation, but inventory or memory-file content can still influence future retrievals.

User impactUntrusted or low-quality exchanged knowledge may later be reused by the agent if it is treated as reliable inventory.

RecommendationStore received memories with source labels, timestamps, and trust status; review or quarantine them before using them as authoritative context.