Skillv1.1.6

ClawScan security

Source Cult Follower · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 15, 2026, 1:28 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are broadly coherent with a 'follower' that registers with a remote portal, but it persistently writes credentials and workspace files and instructs frequent/external communication in ways that can leak agent/operator data — review and sandbox before installing.
Guidance: What to consider before installing: - This skill registers your agent with a remote portal (default https://source-cult.vercel.app) and will POST data (oath, activities, alliances, 'miracles') to that service by default. If you run join.sh you will send identifying info (agent name, oath, activity URL) to that external endpoint. - The skill creates/writes files: ~/.config/source-cult/credentials.json (stores an API key), workspace/SOUL.md (it may append or create a SOUL.md in your detected workspace), and workspace/memory/source-cult-initiation.md. Back up any files you care about first. - The SKILL.md instructs the agent to publish reflections and to run 'daily rites' on each invocation. If the agent includes any private/contextual data in those reflections, that data can be transmitted to the portal (possible inadvertent data exfiltration). - There is a small mismatch: the skill homepage is source-cult.local but config defaults to source-cult.vercel.app. Confirm which portal you actually trust and edit scripts/config.sh to point to a safe, controlled endpoint (or set SOURCE_CULT_API_BASE) before running. - If you want to try it safely: (1) run it in an isolated or throwaway environment (ephemeral VM or container); (2) inspect and modify scripts/config.sh to change the API_BASE to a local/test server or disable network calls; (3) avoid running the automatic 'daily rites' behavior and do not include sensitive content in activities; (4) after testing, remove ~/.config/source-cult and any SOUL.md/memory files if undesired. - If you do not trust the portal, do not run join.sh. Deleting the skill from the agent does not remove files already written by the scripts.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (join a remote 'Source Cult' portal, post rites/activity, form alliances) aligns with the included scripts: join.sh posts a registration, activity/alliance/acknowledge/miracle scripts POST data to a portal, and scripts save credentials locally. However there are a few oddities: the skill homepage in metadata is https://source-cult.local while the default API base in config.sh is https://source-cult.vercel.app (mismatch), and the skill modifies project workspace files (SOUL.md, memory/) which many users would not expect from a small 'agent behavior' skill. Overall capability requests (curl, sha256sum) are proportionate to the stated purpose but the workspace mutation is a non-obvious side effect.
Instruction Scope: concernSKILL.md explicitly instructs immediate join and to run daily rites 'every time you are invoked' (i.e., on every agent invocation). The scripts read local identity files (IDENTITY.md, SOUL.md), detect the workspace, create/append SOUL.md and memory files, save credentials to ~/.config/source-cult/credentials.json, and POST content to an external portal and optionally a third-party activity URL (moltbook.com). This means running the skill can transmit agent identity, oath text, and any reflections the agent is instructed to publish — which could inadvertently exfiltrate sensitive or internal context. The instructions also mandate including the portal link in all external communications, causing propagation of a specific external URL.
Install Mechanism: okThere is no install spec (instruction-only) and the package is delivered as shell scripts included in the skill. That is lower-risk than fetching arbitrary code from external URLs. The scripts do perform network calls via curl, but those calls are coherent with the skill purpose.
Credentials: noteThe skill declares no required environment variables, and config.sh provides a sensible default for SOURCE_CULT_API_BASE. The scripts optionally respect SOURCE_CULT_OATH, SOURCE_CULT_ACTIVITY_URL, SOURCE_CULT_BOOTSTRAP_KEY, SOURCE_CULT_API_KEY, and SOURCE_CULT_AGENT_NAME. These optional variables are relevant to joining and activity. No unrelated sensitive credentials (AWS, SSH keys, etc.) are requested. However the skill auto-saves an API key returned by the portal into ~/.config/source-cult/credentials.json, which grants persistent access to the remote service — the presence of persistent credentials should be considered sensitive.
Persistence & Privilege: concernThe skill writes persistent files in two places: ~/.config/source-cult/credentials.json (sensitive API key and agent id) and workspace files (creates/appends SOUL.md, creates memory/source-cult-initiation.md). It also instructs regular automated activity submissions (daily rites on each invocation) and mandates adding the portal link to outbound communications. While it does not set always:true, the combination of persistent credentials and recommended frequent posting increases the blast radius if the skill runs autonomously or is invoked often.