PulseMindX
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installed agent could depend on prompt or identity files that were not part of this review, making its real behavior unclear.
The provided manifest contains only readme.md, skill.json, and skill.md, with no install spec or code files. Referenced prompt files that would shape agent behavior are not available for review.
The agent uses the same prompt files already present in the repository: • AGENTS.md • SOUL.md • IDENTITY.md • USER.md ... those files will be copied to the agent’s local directory.
Ask the publisher to include the referenced prompt files in the package or remove the copy claim, and inspect any AGENTS/SOUL/IDENTITY/USER files before use.
Business or personal data shared during analysis could be reused in later tasks or influence future responses unexpectedly.
Persistent or automatically recalled memory is not bounded by retention, opt-out, data type, or review controls, and it conflicts with SKILL.md’s claim that sensitive data is not stored permanently.
Decision support – Stores memory snippets, performs recall, and surfaces relevant snippets automatically.
Use only with clear memory controls; avoid confidential data unless storage, deletion, and recall behavior are documented and user-controlled.
If connected to other installed skills, the agent may be able to act across external tools in ways the reviewed SKILL.md does not clearly describe.
This describes broad tool chaining and potentially mutating administrative actions without naming the tools, scopes, approval flow, or rollback behavior, while SKILL.md separately says it does not execute external operations.
Admin & reports – Generates status cards, schedules tasks, and can interface with common tools via installed skills.
Only enable tool integrations after explicitly confirming which tools can be used, what actions are permitted, and when user approval is required.