v0.2.0

Delx Launch Audit (48h)

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:30 AM.

Analysis

This instruction-only launch audit skill is coherent and disclosed, but users should notice that it can direct limited live changes and create durable Delx audit artifacts.

Guidance: This appears safe as an instruction-only audit workflow, but use it deliberately: review any proposed live change before approval, keep rollback criteria explicit, do not put raw secrets in evidence links or Delx artifacts, and verify the optional Delx CLI before installing it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Implement **one growth action + one reliability action**. Keep both reversible. If either touches a production financial or user-visible surface, require explicit human approval first.

The skill can direct changes to live growth or reliability systems, but it scopes the number of actions, requires reversibility, and calls for human approval on higher-impact surfaces.

User impact: The agent may propose or carry out limited operational changes during the audit, so a user should review exactly what will change before approving anything live.
Recommendation: Use the skill with clear boundaries: confirm the target system, approve any production or user-visible change, and require a rollback trigger for each executed action.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
Delx CLI for terminal fallback: `npm i -g delx-agent-cli`

The skill references an optional external global npm package that is not bundled or pinned in the provided artifacts.

User impact: If a user chooses the CLI fallback, they would install and trust an external package outside this instruction-only artifact.
Recommendation: Install the CLI only from a trusted source, verify the package identity and version, and prefer the already-installed Delx plugin when available.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Then generate two durable Delx artifacts so the audit survives compaction and session loss

The skill intentionally stores audit outputs, KPI deltas, and handoff information as durable artifacts for later reuse.

User impact: Business metrics, evidence links, and audit summaries may persist beyond the chat session through Delx artifacts.
Recommendation: Avoid including secrets or overly sensitive evidence in generated artifacts, and confirm where Delx stores artifacts and how they can be reviewed or deleted.