v1.0.0

OADP Agent Discovery

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:50 AM.

Analysis

The skill is coherent with its stated purpose of discovering OADP agent hubs, with disclosed network scanning and configuration-gated active participation.

Guidance: Before installing, confirm you are comfortable with the agent making public web/DNS discovery requests. Leave trusted_hubs empty for passive-only use, enable federation only intentionally, and review any hub before allowing registration or profile sharing.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Passively scans HTTP headers, .well-known endpoints, markdown, HTML, robots.txt, and DNS for agent hub signals.

The skill gives the agent a network discovery workflow using public web and DNS lookups. This is central to the stated purpose, but it is still external scanning behavior.

User impact: Domains being scanned may receive HTTP or DNS requests from the user’s environment.
Recommendation: Use the skill only for domains you intend to scan, keep the scan interval conservative, and respect site policies.
Human-Agent Trust Exploitation
Severity: Info | Confidence: Medium | Status: Note
SKILL.md
Passive scanning sends zero data. You're reading public web content — no different from fetching a robots.txt or checking HTTP headers.

This appears intended to mean no agent profile data is intentionally shared, but passive HTTP/DNS requests still reveal ordinary network metadata such as source IP and request headers.

User impact: A user might overread the privacy claim as meaning scans are completely invisible or metadata-free.
Recommendation: Treat passive scans as non-participating discovery, not as anonymous browsing; use network controls if source disclosure matters.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Active ping | Introduce yourself to a discovered hub ... Registration | Join a hub as a member ... Federation | Report discovered hubs to your trusted hubs

The skill can communicate with agent hubs and share agent or discovery information, but the artifact says these actions require explicit trusted-hub or federation configuration.

User impact: If active features are enabled, the agent may disclose its profile, capabilities, or discovered hub URLs to configured hubs.
Recommendation: Keep trusted_hubs empty unless active participation is intended, verify hubs manually first, and use the lowest privacy tier that fits your needs.
Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Log discovered hubs with a `verified: false` flag. Only set `verified: true` after the operator reviews the `.well-known` endpoint and adds the hub to `trusted_hubs`.

The skill maintains discovery and trust state that can influence future hub interactions. The artifact includes safeguards such as unverified flags and manual verification.

User impact: Incorrect or stale hub records could affect later discovery or active participation decisions.
Recommendation: Review stored hub state periodically, keep TTL expiry enabled, and do not mark hubs verified without manual review.