sharpinput
Advisory
Audited by static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
This prompt-rewriting skill holds permission to run shell commands and modify files, so a misuse or mis-invocation could turn a prompt-optimization request into file or command execution.
The skill is framed as prompt optimization and explicitly tells the agent not to perform file operations, yet its frontmatter grants Bash, Glob, Write, and Agent authority with no tighter limits.
Evidence: allowed-tools: Read, Write, Glob, Bash, AskUserQuestion, Agent ... Do not use for directly answering the underlying task, coding, data analysis, or file operations.
Recommendation: Remove Bash and Glob unless there is a specific, reviewed need, and restrict Write to an explicit, user-approved preference-file workflow.
Your role, budget, project context, choices, or feedback may be stored and reused later without an obvious prompt each time.
The skill instructs the agent to persist session-derived user context and later reuse it silently, which can retain private details and bias future outputs.
Evidence: After each interaction ... Read `references/user-preferences.json` ... Append this session's data to the `history` array ... Write back as valid JSON ... If `summary` exists, apply preferences silently
Recommendation: Make preference storage opt-in, show what will be saved, provide a reset/delete path, and avoid silent application of stored preferences.
The skill may autofill or bias prompts using someone else's stored context, and it may reveal or rely on those defaults as if they were yours.
The bundled preference file is not empty; it contains a prior-looking profile that could be treated as the installing user's own preferences.
Evidence: "context_autofill": { "role": "产品经理+独立开发者", "tech_stack": "SharpInput skill", "budget": "~6000", "team_size": 1, "domain": "互联网/Web开发" } (the role value reads "Product manager + independent developer" and the domain value "Internet/Web development")
Recommendation: Ship an empty preference file or clearly mark sample data as non-runtime, and require user confirmation before using any stored profile.
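The two findings above (silent persistence and reuse of session context, and a bundled profile that could be mistaken for the user's own) point at the same control: a preference store that only loads a profile the user explicitly opted into, never treats shipped sample data as the user's profile, previews every write, and offers a reset. The following is an added example of such a store, not the sharpinput skill's own code; the file name is the one quoted in the finding, while the `_sample` marker field, the `opted_in` flag, and the session shape are assumptions.

```python
"""Added example (not the sharpinput skill's own code): an opt-in,
previewable, resettable preference store. The `_sample` marker, the
`opted_in` flag and the session layout are assumptions."""
import json
import os
import tempfile

PREF_FILE = "references/user-preferences.json"  # path quoted in the finding
SAMPLE_MARKER = "_sample"  # assumed marker for shipped demo data


def _read(path):
    if not os.path.exists(path):
        return {}
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def load_profile(path):
    """Return stored preferences only if they are the user's own and opted in.
    A bundled sample profile, or a file without explicit opt-in, yields None,
    so nothing is ever applied silently."""
    data = _read(path)
    if data.get(SAMPLE_MARKER) or not data.get("opted_in"):
        return None
    return data.get("context_autofill") or None


def preview_update(path, session):
    """Build (but do not write) the file as it would look after this session,
    so the user can see exactly what would be saved."""
    current = _read(path)
    if current.get(SAMPLE_MARKER):
        current = {}  # shipped demo data is never carried into the user's profile
    return {
        "opted_in": True,
        "history": list(current.get("history", [])) + [session],
        "context_autofill": {**current.get("context_autofill", {}),
                             **session.get("context", {})},
    }


def save_update(path, session, user_confirmed):
    """Persist only after the user has seen the preview and said yes."""
    if not user_confirmed:
        return False
    proposed = preview_update(path, session)
    os.makedirs(os.path.dirname(path) or ".", exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        json.dump(proposed, f, ensure_ascii=False, indent=2)
    return True


def reset_profile(path):
    """The reset/delete path the finding asks for."""
    if os.path.exists(path):
        os.remove(path)
        return True
    return False


def demo():
    """Walk the workflow in a temp dir against a constructed sample profile;
    returns the observations so they can be checked."""
    path = os.path.join(tempfile.mkdtemp(), PREF_FILE)
    os.makedirs(os.path.dirname(path))
    shipped = {SAMPLE_MARKER: True,  # constructed stand-in for the bundled file
               "context_autofill": {"role": "someone else", "budget": "~6000"}}
    with open(path, "w", encoding="utf-8") as f:
        json.dump(shipped, f)
    session = {"context": {"role": "backend engineer", "team_size": 3},
               "feedback": "ok"}
    result = {"sample_applied": load_profile(path)}  # None: sample never used
    result["preview"] = preview_update(path, session)
    result["saved_without_consent"] = save_update(path, session, False)
    result["saved_with_consent"] = save_update(path, session, True)
    result["after_save"] = load_profile(path)
    result["reset"] = reset_profile(path)
    result["after_reset"] = load_profile(path)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), ensure_ascii=False, indent=2))
```

The design point is that the sample profile is inert in both directions: `load_profile` refuses to return it, and `preview_update` drops it rather than merging the stranger's role and budget into the user's own history. Reading of the file is unchanged from the skill's flow; only the write and the apply step now require a visible decision.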
Sensitive prompt content may be shared with another agent process during high-risk reviews.
For Judge review, the skill sends the user's raw input and generated prompt paths to a general-purpose subagent.
Evidence: `{{ORIGINAL_QUESTION}}` — The user's raw input ... Call the Agent tool ... "subagent_type": "general-purpose"
Recommendation: Disclose Judge/subagent use to the user, minimize the data passed, and keep the Judge call bounded to explicit review cases.
Some non-trivial behavior may be under-specified or fail because a referenced orchestration file is missing.
The skill references AGENT.md as part of the runtime design, but that file is not present in the supplied manifest, leaving part of the intended orchestration unavailable for review.
Evidence: Main orchestration | `AGENT.md` | full routing flow and handoff contract ... Read `AGENT.md` when the task is non-trivial
Recommendation: Include the referenced AGENT.md file or remove/update the runtime instructions so the shipped artifact set is complete.
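Both the over-broad allowed-tools finding and the missing AGENT.md finding are the kind of thing an artifact-only review can check mechanically from SKILL.md and the manifest. The following is an added example of such a check, not ClawScan's or the skill's code: it parses the frontmatter, flags tools that contradict the skill's own "do not use for ... file operations" scope, and lists every backticked file the instructions tell the agent to read that is absent from the manifest. The SKILL.md text and manifest are constructed to mirror the quoted evidence, and the tool policy and regexes are assumptions.

```python
"""Added example (not ClawScan's or the skill's own code): static lint of a
SKILL.md against its stated scope and its shipped manifest. The sample
SKILL.md, the manifest and the tool policy are constructed assumptions."""
import re

# Constructed SKILL.md modelled on the quoted evidence; not the real file.
SKILL_MD = """---
name: sharpinput
allowed-tools: Read, Write, Glob, Bash, AskUserQuestion, Agent
---
Do not use for directly answering the underlying task, coding, data analysis, or file operations.
Read `AGENT.md` when the task is non-trivial.
After each interaction, Read `references/user-preferences.json` and write back as valid JSON.
"""

# Constructed manifest: the files actually shipped with the skill.
MANIFEST = {"SKILL.md", "references/user-preferences.json"}

# Assumed policy: tools that contradict a "no file operations / no coding" scope.
FILE_OR_EXEC_TOOLS = {"Bash", "Glob", "Write", "Edit"}
SCOPE_EXCLUSION = re.compile(r"do not use for .*?(file operations|coding)", re.I)


def parse_frontmatter(text):
    """Key/value pairs from the leading --- block. Deliberately minimal:
    scalar values only, no YAML dependency."""
    m = re.match(r"---\n(.*?)\n---\n", text, re.S)
    fields = {}
    if m:
        for line in m.group(1).splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
    return fields


def allowed_tools(text):
    raw = parse_frontmatter(text).get("allowed-tools", "")
    return [t.strip() for t in raw.split(",") if t.strip()]


def referenced_files(text):
    """Backticked paths the instructions tell the agent to Read."""
    return set(re.findall(r"`([\w./-]+\.(?:md|json|yaml|yml|txt))`", text))


def lint(text, manifest):
    """Return human-readable findings; an empty list means the checks passed."""
    findings = []
    tools = allowed_tools(text)
    if SCOPE_EXCLUSION.search(text):
        excess = [t for t in tools if t in FILE_OR_EXEC_TOOLS]
        if excess:
            findings.append("tools exceed stated scope: " + ", ".join(excess))
    for path in sorted(referenced_files(text) - set(manifest)):
        findings.append("referenced file not in manifest: " + path)
    return findings


# Constructed hardened variant: tools reduced to what the stated scope needs.
HARDENED_MD = SKILL_MD.replace(
    "allowed-tools: Read, Write, Glob, Bash, AskUserQuestion, Agent",
    "allowed-tools: Read, AskUserQuestion, Agent")


if __name__ == "__main__":
    for finding in lint(SKILL_MD, MANIFEST):
        print("FINDING:", finding)
    print("hardened:", lint(HARDENED_MD, MANIFEST | {"AGENT.md"}) or "clean")
```

Run against the constructed input it reports the Write/Glob/Bash excess and the absent AGENT.md; against the hardened frontmatter with AGENT.md added to the manifest it reports nothing. Note that the scope check is only as good as the skill's own wording: a skill that omits the "do not use for" sentence would need a policy keyed on its declared purpose instead.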
