Clawdbot Knowledge
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked broadly, the agent could process or reorganize more local or business data than the user intended and connect it to database/search workflows.
The skill combines broad file organization, database integration, and indexing without stating allowed paths, approval requirements, or rollback boundaries.
scattered_files = self.organize_scattered_files(); mongodb_integration = self.integrate_mongodb(scattered_files); search_index = self.create_search_index(scattered_files)
Use only with explicit user-selected paths and read-only defaults; require separate approval before any file, database, or workflow mutation.
The skill may need access to sensitive databases, backups, or deployment systems without making those privilege boundaries clear to the user.
These roles imply privileged database and infrastructure authority, but the registry declares no credentials, environment variables, or scoped permission model.
**database-agent** - Datenbank-Management ... **backup-agent** - Backup und Wiederherstellung ... **deployment-agent** - Deployment-Automatisierung
Grant only least-privilege test credentials, avoid production deployment/backup access by default, and require explicit confirmation for privileged actions.
Private files or prompt-like documents could be stored and later reused as context, potentially exposing data or influencing future agent behavior.
The skill describes persistent database/search indexing of scattered files, but does not define path limits, exclusions, retention, or safe reuse rules.
**MongoDB-Manager** ... **Status**: Skalierbar, persistent ... search_index = self.create_search_index(scattered_files)
Require explicit include/exclude lists, retention limits, user review of indexed content, and rules that retrieved documents cannot override current user/system instructions.
Old bundled instructions could affect responses or tool selection if the orchestration/search system retrieves them without treating them as untrusted historical text.
The package contains prior conversation and agent-behavior instructions. If these files are indexed and later treated as authoritative context, they could redirect the agent away from the current user's intent.
Silent Replies ... responds with ONLY: NO_REPLY ... user: Use the "mcp-orchestral" skill for this request.
Do not index prior chat logs or system-prompt-like files by default; label retrieved content as untrusted evidence and prevent it from changing operating instructions.
A mistaken or unsafe output from one agent or workflow could be trusted and propagated to other agents or systems.
The skill coordinates many agents and workflows, but does not describe identity, origin, permission, or data-boundary checks between agents and MCP/Flowise components.
Flowise-Workflows orchestrieren ... agent_coordination = self.coordinate_agents(workflows) ... Koordination der 27-28 Super-Agenten
Define per-agent permissions, authenticate MCP/Flowise endpoints, log handoffs, and require approval before one agent's output triggers high-impact actions.
The system could create or coordinate autonomous agents beyond the user's immediate request if those instructions are acted on literally.
The bundled documentation describes unlimited/dynamic agent creation and scaling without showing user approval limits, timeouts, or a containment model.
Capabilities: Unlimited agent creation and management capabilities ... Implement dynamic agent scaling and resource management
Disable dynamic agent creation by default, set hard per-run limits and timeouts, provide a kill switch, and require explicit user approval for each new agent or long-running worker.
Users may not know which included scripts or code files are expected to run, making review harder.
The package is marked instruction-only while the manifest lists 38 code files and shell start/stop scripts; no automatic execution is shown, but the runtime/provenance contract is incomplete.
No install spec — this is an instruction-only skill.
Inspect the included code before running it and ask the publisher to document the intended entry points, dependencies, and setup steps.