v1.0.0

Green Vault — AI Agent Security and Green Operations Advisor

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:07 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

Guidance: Before installing, confirm that you want an advisory skill that can guide agents through 1Password-based secret access and wallet session-key patterns. Use a dedicated vault, limited service account, spending caps, allowlists, and human approval for any real wallet transaction. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
references/prompt-injection-defense.md
"send_usdc": lambda to, amount: send_usdc(to, amount) if amount < DAILY_LIMIT else deny(),

The artifact includes example wallet operations that could move funds if implemented, but it presents them with an allowlist and daily-limit guard.

User impact: Users who adapt these examples into a real agent could authorize token transfers or swaps; incorrect limits or allowlists could cause unwanted transactions.
Recommendation: Keep wallet operations disabled or read-only by default, require explicit human approval for transfers/swaps, and enforce strict spending caps, recipient allowlists, and revocation procedures.

Rogue Agents
Severity: Info | Confidence: High | Status: Note
references/leak-prevention.md
Install to `.git/hooks/pre-commit`

The reference suggests installing a persistent Git pre-commit hook, but it is disclosed, user-directed, and intended to block accidental secret commits.

User impact: A repository hook can affect future commits by blocking changes that appear to contain secrets.
Recommendation: Install the hook only in intended repositories, review the hook contents first, and document it for other contributors.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
references/secure-storage.md
The only safe way for an AI agent to handle secrets is to retrieve credentials at runtime through a dedicated secrets manager (such as the 1Password CLI `op`)

The skill intentionally teaches runtime retrieval of secrets through 1Password CLI, which is sensitive credential access even though it is aligned with the stated secure-key-management purpose.

User impact: If followed with a broadly privileged 1Password account, an agent process could access valuable API keys or wallet session keys.
Recommendation: Use a dedicated Agent-Wallets vault or service account, grant only needed items, require user confirmation before reading secrets, and keep 1Password audit logging enabled.