Claw Score

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is mostly aligned with its audit purpose, but it sends potentially private agent configuration and memory files to an external service without actually showing the promised preview before upload.

Install only if you are comfortable sharing your agent configuration with Atlas. Before running it, manually inspect and redact AGENTS.md, MEMORY.md, USER.md, SECURITY.md, and related files; do not rely solely on the built-in sanitizer, and be aware that the included script does not show the full payload preview promised in the documentation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private agent instructions, memory details, user context, and security configuration could be disclosed to Atlas if the sanitizer misses sensitive content.

Why it was flagged

The script collects agent instructions, memory configuration, security rules, and user context files. These can contain sensitive agent state or private user information, and the skill is designed to send them outside the workspace.

Skill content

FILES=(
    "AGENTS.md"
    "SOUL.md"
    "MEMORY.md"
    "TOOLS.md"
    "SECURITY.md"
    "HEARTBEAT.md"
    "USER.md"
    "IDENTITY.md"
)

Recommendation

Review the listed files manually before running the submission, remove secrets or private context yourself, and use a temporary audit copy if possible.

What this means

A user may believe they will get a chance to inspect exactly what is uploaded, but the included script does not provide that review step.

Why it was flagged

This privacy/control claim is not matched by submit.sh, which only prints found file names and the email before asking "Proceed?" and does not display the sanitized file contents or final payload.

Skill content

You'll see a preview of what's being sent before confirmation.

Recommendation

Add an actual preview of the sanitized payload before the confirmation prompt, or clearly state that only file names are shown unless the user manually inspects the files.

What this means

Running the script transmits selected local markdown files and a file tree to an external service.

Why it was flagged

The script uses curl to submit the collected workspace payload to the disclosed Atlas endpoint. This is central to the stated audit purpose, but it is still a network upload of local files.

Skill content

RESPONSE=$(curl -s -X POST "$WEBHOOK_URL" \
        -H "Content-Type: application/json" \
        -d "$PAYLOAD")

Recommendation

Run it only after confirming the endpoint and checking the files you are comfortable sharing.

What this means

Installation or execution may fail or behave differently depending on local tool availability, and users may not realize a local script is part of the workflow.

Why it was flagged

Despite being labeled instruction-only with no declared required binaries, the package includes submit.sh and the workflow depends on local tools such as bash, python3, sed, find, and curl. This appears purpose-aligned but under-declared.

Skill content

Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Declare the required local tools and make clear that the skill includes and runs a submission script.