v1.0.0

Jarvis - Chief of AI Staff on NVIDIA GB10

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:21 AM.

Analysis

This skill is not obviously destructive, but it persistently rewrites the agent into a Gignaati/Yogesh-oriented always-on persona and includes overbroad local/privacy claims plus an unpinned persistent Docker service, so it needs careful review.

GuidanceInstall only if you want this specific Jarvis persona, and edit the workspace templates before enabling it. Replace Gignaati/Yogesh references with your own organization, keep heartbeat disabled until reviewed, avoid connecting personal email/calendar accounts, pin or restrict the SearXNG Docker container, and do not assume 'zero data egress' once web search or messaging integrations are enabled.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack

SeverityHighConfidenceHighStatusConcern

templates/SOUL.md

You are **Jarvis** — a strategic, proactive, always-on AI executive operating as Chief of AI Staff for Gignaati... Every action connects to Gignaati's goals... Yogesh is the founder and CEO.

These persistent persona instructions redirect the installed agent toward the creator's company and named person rather than the installing user's organization.

User impactIf installed as-is, Jarvis may frame decisions, memory, communications, and priorities around Gignaati/Yogesh instead of the user's actual business.

RecommendationBefore enabling the skill, edit SOUL.md, IDENTITY.md, USER.md, and AGENTS.md to remove Gignaati/Yogesh-specific goals unless that is truly your intended principal.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

Jarvis/SKILL.md

Zero cloud bills. Zero data egress... Research Agent — Web search combined with local files... Brave Search... export BRAVE_API_KEY="BSA-your-key-here"

The artifact makes a strong 'zero data egress' claim while also describing web search, external search API use, and communication integrations where queries or messages may leave the machine.

User impactA user could incorrectly assume all use is local and private even after enabling web search, Brave Search, WhatsApp, email, or calendar workflows.

RecommendationTreat the local-only claim as applying only to the local model path; do not enable search or communication integrations until you understand what data may be sent externally.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

Jarvis/SKILL.md

docker run -d \
  --name searxng \
  --restart=always \
  -p 8888:8080 \
  ...
  searxng/searxng:latest

The setup recommends an unpinned third-party Docker image using the mutable 'latest' tag, makes it persistent across restarts, and publishes a port.

User impactThe container contents can change over time, and the service may remain running and reachable longer or more broadly than expected.

RecommendationPin the container to a trusted version or digest, bind it to localhost if possible, review the image provenance, and confirm firewall rules before enabling it.

Rogue Agents

SeverityLowConfidenceHighStatusNote

templates/HEARTBEAT.md

_Run every 30 minutes. Only message Yogesh if something needs attention._

The skill includes periodic proactive behavior. It is disclosed and the main SKILL.md recommends enabling heartbeat only after the user trusts the setup, but it is still persistent autonomous operation.

User impactOnce enabled, the agent may periodically check systems, update memory, and surface issues without a direct user prompt.

RecommendationKeep heartbeat disabled until the persona, memory rules, allowed channels, and approval boundaries have been reviewed and customized.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

Jarvis/SKILL.md

export BRAVE_API_KEY="BSA-your-key-here"... Install the `gog` skill for Gmail, Calendar, and Drive... Use a dedicated agent account

The skill's optional workflows involve API keys and Google Workspace access, although they are presented as optional and the documentation recommends a dedicated account.

User impactIf enabled, Jarvis could gain access to search billing/API usage or email, calendar, and Drive data through other integrations.

RecommendationUse dedicated, least-privilege accounts and read-only scopes first; do not connect personal accounts.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

templates/AGENTS.md

After any conversation that contains new facts, decisions, preferences, or relationships — update the relevant memory file IMMEDIATELY... New people/contacts... Project updates... Important decisions

The skill intentionally persists user, contact, project, and decision context into local memory files for reuse across sessions.

User impactSensitive business or personal details may be retained in markdown files and influence future agent behavior.

RecommendationReview memory files regularly, keep workspace permissions restricted, and define what information Jarvis should never store.