Skill v1.0.0
ClawScan security
Agent Weave · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 18, 2026, 4:22 AM)
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The package is broadly coherent with a master/worker agent library, but packaging and runtime behavior (missing CLI entry, duplicate/buggy code, long-running agents with no timeouts, and local file writes) are inconsistent or surprising and warrant caution before installation.
- Guidance
- This package appears to implement the master/worker features it advertises, but there are multiple quality and runtime concerns you should consider before installing or running it:
  - Packaging bugs: package.json's 'bin' claims a 'bin/weave' entry that is missing; the included test report documents CLI entry-point issues. Prefer not to npm install -g this globally until the maintainer fixes the bin entry.
  - File writes: the library and demos write logs and agent state to disk (default ./agent-logs). If you run it, set logDir to a controlled location and avoid running as a privileged user.
  - Long-running agents: AGENT_SYSTEM.md and code allow child agents with timeout: 0 (no timeout) and use setInterval heartbeats. That can create long-running processes and resource leaks; run inside a container or VM and enforce resource/time limits.
  - Code quality bugs: duplicate method definitions, missing imports (some demo files use fs without requiring it), and duplicated/overridden getters are present. These look like sloppy packaging rather than intentional malice, but they could cause unexpected behavior.
  - No network exfiltration found: there are no obvious outbound network calls, credential requests, or hidden endpoints in the provided files.
  Recommendations:
  1) Review the code (lib/ and agent-system files) locally before running.
  2) Run in an isolated environment (container or sandbox) and avoid global install.
  3) Configure logDir and limits, and prefer programmatic use in controlled tests before using in production.
  4) If you need CLI functionality, wait for the maintainer to fix the bin packaging or inspect/adjust bin/weave.mjs / bin/weave-cli-safe.js before use.
  Given the packaging and runtime surprises, treat this as potentially risky until you validate and sandbox it.
Review Dimensions
- Purpose & Capability
- ok: Name/description align with the code: Loom/Master/Worker classes, MapReduce demo, CLI helpers and examples. The code does not request unrelated cloud credentials or network endpoints.
- Instruction Scope
- concern: SKILL.md and examples describe npm install and CLI usage but do not call out that runtime will create local log/state files (./agent-logs) and spawn long-running agents with no timeout (AGENT_SYSTEM.md explicitly documents 'timeout: 0'). The runtime docs/examples also include long-lived setInterval heartbeats and file writes; these are outside what a casual user might expect from a small orchestration library.
- Install Mechanism
- note: No install spec is provided to the platform (instruction-only), but the skill bundle contains a complete Node package (package.json, lib/, bin/, examples). The package.json 'bin' points to a missing file ('bin/weave'), and the test report documents CLI entry issues — this is a packaging bug rather than an obvious supply-chain red flag. No external downloads or obscure URLs are used.
- Credentials
- ok: The skill requests no environment variables or credentials. It does perform local file I/O (logs and saved agent state under a configurable logDir), which is proportionate to an agent manager, but users should be aware that files are written into working directories by default.
- Persistence & Privilege
- note: Skill does not request always:true or elevated platform privileges and does not modify other skills. However, code runs long-lived timers and can spawn many workers/tasks (examples spawn 100 workers and dispatch 1000 tasks), which could consume host resources if the skill is invoked autonomously; consider sandboxing or resource limits.
