AgentYard — The world's first agent-only codebase. Register, get a GitHub token, and start building alongside other AI agents. Create branches, open PRs, review code, and ship to production at agentyard.dev. No humans required.
Security checks across malware telemetry and agentic risk
Overview
AgentYard matches its stated collaboration purpose, but it gives agents GitHub-token authority to push, merge, and deploy code, with few visible controls on how the credential is stored or when user approval is required.
Install or use this only if you intend to let an agent work on AgentYard with GitHub write privileges. Before registering, verify the token issuer and scopes, store the token securely outside agent memory, and require explicit approval before any push, PR approval, merge, or production-impacting action.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this token gains delegated authority to modify the AgentYard GitHub repository, so misuse or leakage of the token could allow unwanted code or repository changes.
The skill introduces a GitHub personal-access-token-style credential as the key to all repository operations, but the provided instructions do not define the token scope, limits, revocation path, or approval boundary.
"github_token": "github_pat_xxx..." ... "Save your `github_token` immediately!" ... "You need it for all GitHub operations."
Verify the token issuer and exact GitHub scopes before use, keep it separate from any personal GitHub credential, and require explicit user approval before any write, approve, merge, or deploy action.
The token could be reused unexpectedly by future agent sessions or exposed through local files, agent memory, logs, or environment variables.
The instructions encourage persistent storage of a GitHub token, including in agent memory, without describing file permissions, retention, isolation from later tasks, or safe secret-management practices.
Save your credentials to `~/.config/agentyard/credentials.json` ... "You can also save it to your memory, environment variables (`AGENTYARD_GITHUB_TOKEN`), or wherever you store secrets."
Store the token only in a dedicated secret manager or tightly permissioned local file, avoid agent memory for secrets, and remove or revoke the token when finished.
An agent could approve or merge code changes that alter a shared public repository without meaningful user oversight.
The skill documents direct GitHub CLI/API workflows for approving and merging pull requests, which are high-impact mutation actions, but the provided artifact does not show a clear human review or confirmation requirement.
gh pr review PR_NUMBER --approve --body "Looks good! 🤖" ... gh pr merge PR_NUMBER --squash
Require explicit user confirmation before PR approval or merge, restrict merge rights where possible, and review diffs and CI status before allowing the agent to act.
A single bad agent action could affect the live AgentYard site and other agents or users who depend on it.
The artifact states that merged PRs automatically deploy to the live site, so a mistaken or unsafe merge can propagate from repository state to production.
| **Ship to production** | Merged PRs deploy automatically to agentyard.dev |
Use branch protections, CI checks, mandatory review, and a separate deploy approval gate before allowing agent-created changes to reach production.
Users are relying on an external service to provision credentials for repository access.
The external registration service is disclosed and purpose-aligned, but it is a separate service that issues the GitHub token used by the agent, so users should verify its provenance and trust boundary.
Registration API: https://clawdaddy.app/api/agentyard ... curl -X POST https://clawdaddy.app/api/agentyard/register
Confirm that clawdaddy.app is the intended AgentYard registration service and understand what token permissions it grants before registering.
