Skillv1.0.0

ClawScan security

Agent OS (Three Layer) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 9:33 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a documentation/template-based 'Agent OS' with simple local startup/verification scripts; its files, instructions, and minimal install step are internally consistent with the stated purpose.
Guidance: This package is a local template and appears safe to inspect and run as-is: the scripts only check for the presence of files and print status. Before running, you can open the files to confirm there are no hidden commands or remote endpoints. Be aware that some documentation mentions external agents (e.g., 'claude-api' / Anthropic); those integrations would require API keys and network access later — do not supply credentials unless you audit any added code that actually performs network requests. Also consider editing shared-context/state.md to remove or change any embedded absolute paths or usernames before committing or sharing the template.

Review Dimensions

Purpose & Capability: okThe name/description (three-layer agent OS template) matches the included files (identity/, operations/, knowledge/), README, and two small shell scripts. There are no unexpected binaries, cloud credentials, or unrelated permissions requested.
Instruction Scope: noteSKILL.md only instructs running ./scripts/startup.sh and ./scripts/verify.sh; both scripts perform local file/dir checks and echo status. No network calls, file exfiltration, or access to unrelated system paths are performed. Note: some docs (operations/AGENTS.md) mention external API usage (e.g., 'claude-api', 'import anthropic') but the package contains no code that invokes external services or requests API keys — integration would be a separate step.
Install Mechanism: okNo download/install from the network. skill.toml's install step only runs a local chmod +x on scripts/*.sh, which is low-risk and proportional to making the included scripts runnable.
Credentials: noteThe skill declares no required environment variables or credentials. Small privacy note: knowledge/shared-context/state.md contains an absolute local path (/Users/song678/agent-os) which reveals a sample username/path embedded in the template; this is not an active credential request but may expose local naming if copied verbatim. Also, operations docs reference external APIs but do not declare corresponding env vars — if you later enable those integrations expect to provide API keys then.
Persistence & Privilege: okThe skill is not marked always:true, does not modify other skills, and contains only documentation and small local scripts. It does not request elevated or persistent system-level privileges.