Capacities Lookup

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims: it searches your Capacities workspace and returns links. Be aware of its expected API token use and its local caching.

Before installing, make sure you are comfortable letting the agent search your Capacities workspace with CAPACITIES_API_TOKEN. Keep the API endpoint trusted, be aware that light metadata/cache files are stored locally, and avoid sourcing ~/.zshrc through the agent unless you understand what that file runs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill lets the agent search the configured Capacities space using your API token.

Why it was flagged

The skill uses a Capacities bearer token and sends it to the configured API base URL, which is expected for searching a private Capacities workspace.

Skill content

"apiBaseUrl": os.environ.get("CAPACITIES_API_BASE_URL", "https://api.capacities.io") ... "Authorization": f"Bearer {token}"

Recommendation

Use a scoped or easily revocable Capacities token if available, keep CAPACITIES_API_BASE_URL/default config pointed at the official Capacities API, and remove the token when you no longer use the skill.

What this means

Some Capacities metadata and lookup-related information may remain on disk in the workspace after use.

Why it was flagged

The skill writes persistent local cache/state files containing Capacities structures, spaces, and lookup cache data.

Skill content

DATA_DIR = WORKSPACE_ROOT / "data" / "capacities"
STRUCTURES_PATH = DATA_DIR / "structures.json"
SPACES_PATH = DATA_DIR / "spaces.json"
LOOKUP_CACHE_PATH = DATA_DIR / "lookup-cache.json"
STATE_PATH = DATA_DIR / "state.json"

Recommendation

Review or delete data/capacities if you do not want local Capacities metadata retained, especially on shared machines or shared workspaces.

What this means

If your ~/.zshrc contains commands with side effects, those commands may run when following this workflow.

Why it was flagged

The recommended workflow sources the user's shell startup file before running the Python script, apparently to load the API token from the shell environment.

Skill content

source ~/.zshrc >/dev/null 2>&1 || true
python3 skills/capacities-lookup/scripts/capacities_cli.py sync-structures

Recommendation

Prefer exporting CAPACITIES_API_TOKEN directly in the session or inspect your ~/.zshrc before allowing the agent to source it.