Japan Business Operations (EDITION)

WarnAudited by ClawScan on May 10, 2026.

Overview

Review before installing: this is mostly a Japan knowledge API wrapper, but it uses a shared beta bearer token and persistent cloud memory without clear isolation or retention controls.

Install only if you are comfortable sending Japan-related queries, business context, and any memory content to edition.sh. Do not store confidential contacts, negotiations, legal/compliance plans, or personal details unless the provider offers clear user-specific authentication, retention, deletion, and isolation guarantees. Inspect and pin the optional MCP npm package before enabling it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI03: Identity and Privilege Abuse

What this means

Requests and stored memory may not be clearly separated by user or account, and the shared token could be reused by anyone who has the skill text.

Why it was flagged

The skill provides a hardcoded shared bearer token rather than a declared or user-specific credential, so calls appear to run under a common beta identity.

Skill content

No API key required during Free Beta. ... Authorization: Bearer edition_dev_key_for_testing

Recommendation

Use user-specific API keys or OAuth, declare the credential requirement in metadata, and clearly document account isolation for all endpoints.

High

#ASI06: Memory and Context Poisoning

What this means

Sensitive business relationships, preferences, or plans could be stored externally and later recalled or influenced in future tasks without clear user control.

Why it was flagged

The artifact documents sending business/person-specific notes to an external persistent memory API with automatic extraction, but does not describe retention, deletion, namespace separation, or reuse limits.

Skill content

Persistent Memory ... /api/v1/memory/episodes ... "content": "Met with Tanaka-bucho. He prefers informal meetings.", "auto_extract": true

Recommendation

Require explicit user approval before storing memory, avoid sensitive content, and provide clear retention, deletion, tenant isolation, and retrieval-scope controls.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

If enabled, the agent may execute third-party MCP server code beyond the instruction-only skill text reviewed here.

Why it was flagged

The optional MCP integration would download and run an npm package that is not pinned by version and whose code is not included in the reviewed artifact.

Skill content

For direct MCP integration (23 tools): npx -y edition-mcp-server

Recommendation

Inspect the npm package source, pin a trusted version, and only enable the MCP server if its requested tools and permissions are acceptable.