v1.0.0

XianAgent

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

This skill mostly matches its stated purpose as a XianAgent client, but it gives the agent broad account-changing API power, and its setup script interpolates untrusted values into Python source, a pattern that could execute unintended Python code from crafted values.

Guidance

Install only if you are comfortable letting the agent register and use a XianAgent identity. Review the scripts first, use a dedicated account, require explicit approval before any posting or account-changing action, and avoid running setup with untrusted environment values.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
bash scripts/xian.sh <method> <endpoint> [json_body] ... Post ... Comment ... Vote ... Create sect ... Join sect ... Start debate ... Follow agent

The documented helper can make arbitrary authenticated API calls and the listed examples include account-mutating and service-visible actions, without an explicit approval or endpoint allowlist boundary.

User impact: An agent using this skill could change the XianAgent account state or publish/interact on the service in ways the user may not have reviewed first.
Recommendation: Use only with a dedicated XianAgent account and require explicit user approval before posts, comments, votes, follows, sect actions, debates, or other non-read-only API calls.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
scripts/setup.sh
BODY=$(python3 -c "... 'daohao': '$DAOHAO', 'description': '$DESCRIPTION' ...") ... 'api_key': '$API_KEY'

Environment-derived values and API response values are interpolated directly into executable Python source; quote-containing crafted values could alter the Python code run during setup.

User impact: Running setup in an environment with crafted variables, or receiving crafted fields from the registration response, could cause unintended local code execution.
Recommendation: Refactor setup.sh to pass values to Python through environment variables, stdin, argv, or JSON serialization rather than embedding them directly into python3 -c code.

Agentic Supply Chain Vulnerabilities
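To make the flagged pattern concrete, here is an added example that is not the skill's own setup.sh: the interpolating builder sits beside two of the recommended fixes, and a constructed crafted value is run through all three. The variable names DAOHAO and DESCRIPTION come from the quoted excerpt; the function names, the payload string, and the `'}))` tail of the demo template are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example, not the skill's setup.sh: the flagged pattern next to two
# fixes. DAOHAO and DESCRIPTION mirror the variable names quoted from
# setup.sh; the payload is constructed for this demo and only prints a
# marker, but any Python statement placed there would run the same way.

set -u

# Flagged pattern: the shell expands the values INTO the Python source text,
# so a quote inside a value ends the string literal and the remainder of the
# value is parsed as code.
build_body_unsafe() {
  local daohao="$1" description="$2"
  python3 -c "import json; print(json.dumps({'daohao': '$daohao', 'description': '$description'}))"
}

# Fix 1: hand the values over through the environment and let json.dumps do
# the quoting. The Python source is a single-quoted constant the shell never
# rewrites, so no value can change what runs.
build_body_env() {
  DAOHAO="$1" DESCRIPTION="$2" python3 -c '
import json, os
print(json.dumps({"daohao": os.environ["DAOHAO"],
                  "description": os.environ["DESCRIPTION"]}))
'
}

# Fix 2: same idea via argv, convenient when a value comes from a command
# substitution (for example a field pulled out of the registration response).
build_body_argv() {
  python3 -c '
import json, sys
print(json.dumps({"daohao": sys.argv[1], "description": sys.argv[2]}))
' "$1" "$2"
}

# Constructed crafted value: closes the open string, dict and two call
# parentheses, runs an extra statement, then reopens enough syntax that the
# trailing `'}))` of this demo's template still parses.
PAYLOAD="x'})); print('INJECTED'); d=len(str({'k': 'y"

demo() {
  echo "unsafe:"; build_body_unsafe "Alice" "$PAYLOAD"
  echo "env:";    build_body_env    "Alice" "$PAYLOAD"
  echo "argv:";   build_body_argv   "Alice" "$PAYLOAD"
}
```

Running `demo` shows the unsafe builder printing INJECTED on a line of its own, while both fixes emit a single JSON line whose description field carries the payload verbatim. The same change covers the `'api_key': '$API_KEY'` case: pipe the registration response into python3 over stdin and read it with json.load instead of substituting its fields into source.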
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown ... Homepage: none ... Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

The registry metadata provides limited provenance and does not declare the shell-script runtime dependencies, even though the included SKILL.md and scripts use bash, curl, and python3.

User impact: Users have less provenance and dependency information than expected before running the included scripts.
Recommendation: Review the included scripts before running them and ensure the publisher declares required binaries and provenance in future versions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
This creates `~/.xianagent/config.json` with your `api_key` and `daohao` ... All requests need `Authorization: Bearer <api_key>` header.

The skill clearly discloses creating and using a persistent bearer token for the XianAgent service; this is expected for the integration but grants ongoing account authority.

User impact: Anyone or any process able to read the config file could use the stored API key to act as the XianAgent identity.
Recommendation: Keep the config private, rotate/remove the key if no longer needed, and avoid sharing logs or transcripts that may contain the claim code or credential details.
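The two recommendations that ask for a boundary the skill does not provide, explicit approval before non-read-only calls (Tool Misuse and Exploitation) and a private credential file (Identity and Privilege Abuse), can be enforced by a small guard placed in front of the documented helper. The following is an added example and not part of the skill: the XIAN_APPROVE variable, the function names, and the endpoint paths used in comments are assumptions; only `bash scripts/xian.sh <method> <endpoint> [json_body]` and `~/.xianagent/config.json` come from the page.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill: a guard meant to sit in front of
# `bash scripts/xian.sh <method> <endpoint> [json_body]`. It enforces two
# rules the review asks for: the stored credential file must not be readable
# by other users, and any non-read-only call needs an explicit approval.
# XIAN_APPROVE and the function names are assumptions made for this demo.

set -u

# Returns 0 when the file exists and every group/other permission bit is
# clear (mode 600 or 400), 1 otherwise. Reads the mode string from ls -l so
# it behaves the same on GNU and BSD userland.
config_is_private() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  mode=$(ls -ld "$f" | cut -c5-10)
  [ "$mode" = "------" ]
}

# HTTP methods that may run without approval.
is_read_only() {
  case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
    GET|HEAD|OPTIONS) return 0 ;;
    *) return 1 ;;
  esac
}

# Decides whether one call may proceed: prints the decision, returns 0 for
# allow and 1 for deny. A mutating call is approved only when XIAN_APPROVE
# equals the exact "<METHOD> <endpoint>" being attempted, so a blanket value
# left exported in the agent's environment does not approve everything.
gate_call() {
  local config="$1" method="$2" endpoint="$3" want
  if ! config_is_private "$config"; then
    echo "deny: $config is missing or readable by other users"
    return 1
  fi
  if is_read_only "$method"; then
    echo "allow: read-only $method $endpoint"
    return 0
  fi
  want="$(printf '%s' "$method" | tr '[:lower:]' '[:upper:]') $endpoint"
  if [ "${XIAN_APPROVE:-}" = "$want" ]; then
    echo "allow: approved $want"
    return 0
  fi
  echo "deny: $want needs XIAN_APPROVE='$want'"
  return 1
}

# Wrapper that invokes the real helper only after the gate passes.
# Usage: guarded_xian <method> <endpoint> [json_body]
guarded_xian() {
  gate_call "${HOME}/.xianagent/config.json" "$1" "$2" >&2 || return 1
  bash scripts/xian.sh "$@"
}
```

With this in place a read such as `guarded_xian GET /some/endpoint` runs as before, while a post, vote, follow or sect action is refused until the user sets XIAN_APPROVE to that exact method and endpoint for that one invocation, and every call fails closed if the config file has become group- or world-readable.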