Skill v1.0.0

ClawScan security

AgentMesh Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 17, 2026, 9:52 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and instructions generally match the stated governance purpose, but there are a few implementation and supply-chain risks (unsafe shell→python string interpolation, ambiguous key handling, and optional pip installs from external sources) that merit caution before installing or running.
Guidance
This skill appears to implement the claimed governance functions and the included scripts match the description. Before installing or running it: (1) review the upstream 'agentmesh' package source if you plan to pip install it — installing packages runs remote code; (2) avoid passing untrusted or unsanitized input to the scripts because they interpolate shell args directly into python -c string literals (quotes or special characters could break the Python code or be exploited); (3) note that generate-identity.sh does not emit or save a private key despite its warning — verify key handling if you need persistent key material; (4) run the scripts in a sandboxed environment or container the first time, and audit the referenced GitHub repo and package code if you intend to rely on persistent trust/identity functionality.

Review Dimensions

Purpose & Capability
ok: Name, description, and shipped scripts align with governance, trust scoring, identity verification, and audit logging. Requiring python3/pip is reasonable for the provided Python-based scripts. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
concern: Runtime instructions are scoped to running the included scripts and (optionally) a backing 'agentmesh' Python package. However, the scripts embed user-supplied shell variables directly into python -c string literals (e.g., '$ACTION', '$DID', '$MESSAGE'), which can break or allow code injection if arguments contain unescaped quotes or malicious payloads. Also, generate-identity.sh warns to 'Store your private key securely' but the script does not expose or export the private key — this is confusing and could lead users to believe a private key was produced and saved when it was not.
Install Mechanism
note: No install spec is included (instruction-only), which is low risk. SKILL.md suggests 'pip install agentmesh' or installing from a GitHub repo via pip (git+https://github.com/imran-siddique/agent-mesh.git). Installing an external Python package from PyPI or a git repo will execute third-party code on the host — a normal pattern but a supply-chain risk that users should audit first. The GitHub URL itself is a common host, not an obscure or shortened URL.
Credentials
ok: The skill requests no credentials or special config paths. The operations performed (reading a local policy.yaml, returning JSON results) are proportionate to the governance use-case. There are no hidden environment variable accesses in the scripts.
Persistence & Privilege
ok: The skill does not request permanent/always presence and does not modify other skills or global agent config. It runs as on-demand scripts and optionally delegates to an external Python package for persistent functionality; this is consistent with the described behavior.