Alexandrie

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill performs Alexandrie note CRUD as advertised, but it is hard-coded to a specific account and uses an undeclared local password and session that can read, change, or delete private notes.

Install only if you intentionally want this agent to operate the eth3rnit3 Alexandrie account at the listed API. Verify the password file, understand that note content may be read/changed/deleted through the API, and add explicit confirmation for destructive actions before using it on important notes.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the password file exists, the agent can authenticate as that account and access or modify private Alexandrie notes.

Why it was flagged

The script logs into a fixed external Alexandrie account using a password from a specific local file and stores a reusable session cookie. This is high-impact account access, especially because the registry declares no credential or env-var requirement.

Skill content

BASE_URL="https://api-notes.eth3rnit3.org/api"
USERNAME="eth3rnit3"
TOKEN_FILE="/tmp/alexandrie_cookies.txt"
source /home/eth3rnit3/clawd/.env 2>/dev/null || true
PASSWORD="${ALEXANDRIE_PASSWORD:-}"

Recommendation

Only use this if you own/control this Alexandrie account. Declare the credential requirement, make the API URL and username configurable, and store session cookies in a clearly scoped, protected location.

What this means

A mistaken command or misunderstood node ID could overwrite or delete note content.

Why it was flagged

The script exposes direct update and delete operations. These are expected for a CRUD skill, but they mutate or remove notes immediately when invoked.

Skill content

auth_curl -X PUT "$BASE_URL/nodes/$NODE_ID" ...
auth_curl -X DELETE "$BASE_URL/nodes/$NODE_ID" | jq '.'

Recommendation

Require explicit user confirmation before update/delete operations and keep backups or recovery options for important notes.

What this means

The skill may fail or behave unexpectedly unless the local environment matches the author’s setup.

Why it was flagged

The included script depends on curl, jq, and an external .env file, while the registry requirements list no required binaries or env vars. This is not malicious by itself, but it under-describes the runtime setup.

Skill content

curl -s -c "$TOKEN_FILE" ... | jq '.'
source /home/eth3rnit3/clawd/.env 2>/dev/null || true

Recommendation

Declare required binaries and configuration explicitly, or document a user-specific setup process before use.