Agentype
Analysis
Agentype has a clear local AI-usage analytics purpose, but it asks the agent to install or run an unpinned external CLI and scan sensitive local agent histories without matching capability or install declarations.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Run `agentype --json-out` ... Read `output/agentype.json`.
The skill directs the agent to run a local command and consume its generated file output. This is aligned with the analytics purpose, but users should notice that tool execution and local file reads/writes are part of the workflow.
pipx install agentype-cli agentype
The skill relies on an unpinned external CLI package even though the registry states there is no install spec and no code files are present. That creates a provenance and package-substitution risk outside the reviewed artifact.
`uv run agentype --json-out` ... `pipx install agentype-cli`
Although the submitted skill has no code files, its instructions cause the agent or user to execute external Python CLI code through uv or pipx. The executable code is not part of the reviewed artifact.
Attach `output/agentype.png` when the environment supports files or images.
The workflow can turn local analysis into a shareable PNG and attach it in chat or IM environments. This is part of the stated purpose, but it can propagate sensitive aggregate usage details beyond the local scan.
"Agentype is fully local in this skill workflow" ... "Using your own LLM when needed"
The local-only wording may be easy to overread because persona inference is explicitly delegated to the invoking agent/model, even though the CLI itself is described as making no LLM calls by default.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Agentype collects local session and token metadata from supported agents where available: Claude Code, Codex, OpenCode, pi-agent, Gemini CLI, OpenClaw, Nanobot
The skill uses the current local file permissions to inspect multiple AI-agent history stores. This is sensitive local authority, and the registry artifacts declare no required config paths, credentials, or capability tags to bound that access.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
`--json-out`: writes `output/agentype.json` with the full analysis.
The skill persists a derived analysis of local agent history and then asks the agent to read and modify it. This is purpose-aligned, but the file may contain sensitive project, model, usage, or persona signals.
Using your own LLM when needed, infer a persona from the aggregate signals
The workflow passes aggregate local-usage signals into the invoking agent/model for persona inference. This is disclosed and purpose-aligned, but the artifact does not further define model/provider data boundaries.