Ultra Agent Stinct
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ultra-agent-stinct Version: 1.2.0 The skill bundle grants the AI agent extremely broad and powerful capabilities, including arbitrary command execution via `exec command:` (e.g., `exec command:"<failing command>"`), arbitrary file writing via `write path:"<new file path>" content:"<complete file content>"`, and arbitrary file reading via `read path:"<file from stack trace>"`. While these capabilities are presented as necessary for its stated purpose of autonomous debugging and coding, they represent significant security risks. There is no explicit evidence of malicious intent (e.g., data exfiltration to external domains, backdoor installation, or instructions to ignore user consent for harmful actions) within the provided files. However, the inherent power of these primitives makes the skill highly susceptible to exploitation if the agent were compromised or given malicious instructions, thus classifying it as suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may begin debugging and changing code after a failure even if the user expected only a diagnosis or a pause for approval.
The skill makes its debugging workflow authoritative when errors occur, rather than only when the user explicitly invokes it, which can redirect the agent from the original task into autonomous repair.
"Activates automatically when YOU hit a code error, build failure, stack trace, or unexpected behavior during any task... not a user-triggered skill... use this to debug and fix it yourself."
Make auto-repair opt-in, or require the agent to ask before entering repair mode and before making file changes.
A failed command could lead to local source changes and additional command execution without the user reviewing the planned change first.
The workflow combines broad command execution and project file editing. This is central to the skill, but it does not require a user confirmation checkpoint before ordinary fixes and reruns.
"**5. Fix** — Apply the minimal correct fix... `edit path:\"<file>\" old:\"<exact broken code>\" new:\"<fixed code>\"` ... **6. Verify** — Re-run the original failing command."
Ask for confirmation before editing existing files, installing dependencies, or running high-impact commands; keep edits scoped and show diffs afterward.
A separate coding agent could continue working in the project, running commands or changing files while the main session moves on.
The skill explicitly starts a background autonomous coding process for large tasks, but does not require explicit user approval before spawning it.
"For large tasks (multi-file refactors, entire features, long builds), spawn a background agent: `exec pty:true workdir:\"<project>\" background:true command:\"claude '<detailed task>'\"`"
Require explicit user approval before spawning any background agent, state the exact command and working directory, and provide an easy stop/kill path.
Private code or task context could be handled by another tool or provider without the user clearly approving that handoff.
The skill delegates work to another agent CLI in the project context, but does not define provider identity, data boundaries, permissions, or what project information may be shared with that delegated agent.
"exec pty:true background:true command:\"<agent> '<task description>'\"" and "Common coding agent CLIs: `claude` — Claude Code, `codex` — Codex CLI, `aider` — Aider"
Ask before delegating, identify the agent/provider, limit the working directory and files, and warn users not to delegate projects containing secrets unless they trust the tool.
If a user has an untrusted or unexpected CLI on their PATH, delegation could run that tool.
The skill is instruction-only and does not install these tools, but it can invoke whatever compatible CLI is already present, so the provenance and version of those external tools are outside this artifact.
"Optional: A coding agent CLI (Claude Code, Codex, Aider) for heavy task delegation"
Only use delegation with coding-agent CLIs installed from trusted sources, and verify which executable will run before enabling background delegation.