v0.1.0

How To Use Agent

BenignClawScan verdict for this skill. Analyzed Apr 30, 2026, 11:41 AM.

Analysis

This instruction-only skill is purpose-aligned for controlled agent self-improvement, but users should review any approved changes to memory, prompts, tool policies, and self-update surfaces because they can persist across future sessions.

GuidanceThis skill appears safe to install as an instruction-only guide, but treat any proposed edits to memory, prompts, AGENTS.md, tool policies, permission policies, startup logic, or self-update logic as high-impact. Before approving, require the agent to name the exact files, explain the risk, preserve existing data unless deletion is explicit, provide rollback steps, and record verification.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

system prompts, tool schemas, permission policies, connector policies

The skill explicitly covers tool schemas and connector/tool policy surfaces, which can affect how tools are used; however, it requires explicit approval, risk explanation, and rollback before modifying agent-owned data.

User impactApproved changes could alter how the agent uses tools, so a bad policy change could make future tool use broader or less predictable.

RecommendationOnly approve tool or connector policy changes after the agent lists the exact files, risk, verification plan, and rollback path.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The skill has limited provenance metadata, although the provided artifacts contain no install script, no code files, and no dependency declarations.

User impactUsers have less external provenance information to verify the author or project history, but there is no executable install path in the supplied artifacts.

RecommendationRely on the visible artifact contents and registry owner information before installing; no dependency or install review is needed for this version.

Cascading Failures

SeverityMediumConfidenceHighStatusNote

SKILL.md

If the change touches memory, tools, prompts, runtime behavior, startup, restart, routing, delegation, or persistence, treat it as architecture work.

The skill covers core agent subsystems where mistakes can propagate, but it also requires architecture notes, phased migration, progressive rollout, freezing adjacent systems, verification, and rollback.

User impactA poorly planned change could affect multiple future agent behaviors or files, but the skill includes containment steps to reduce that risk.

RecommendationKeep approved changes small and phased, and require verification evidence before allowing the agent to update related systems or indexes.

Rogue Agents

SeverityMediumConfidenceHighStatusNote

SKILL.md

startup, restart, routing, planner, delegation, or self-update logic

The skill may be used for self-update and lifecycle-related agent logic, which can affect future operation; the artifact bounds this with explicit approval and staged rollout requirements.

User impactIf a user approves overly broad changes, future agent startup, routing, or self-update behavior could change in ways that are hard to notice later.

RecommendationDo not approve broad self-update or startup/routing changes in one step; require a small first landing, clear rollback, and recorded verification.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

permission policies, connector policies

Permission and connector policies are privilege-boundary surfaces; changing them can affect what the agent or integrations may do, though the skill requires explicit consent and rollback details.

User impactIf approved carelessly, future agent behavior could receive broader permissions than intended.

RecommendationReview permission-related changes especially carefully and approve only narrowly scoped, reversible updates.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

durable memory files, knowledge bases, wiki indexes, recall databases

The skill is designed to modify persistent memory and knowledge surfaces that future agents may reuse, which makes correctness and approval important.

User impactIncorrect or unsafe changes could persist across future sessions and influence later agent decisions.

RecommendationApprove memory or knowledge-base changes only when the agent identifies exact paths, what will change, what could be lost, and how to roll back.