Network AI
Pass. Audited by ClawScan on May 10, 2026.
Overview
The skill appears to be a local-only orchestration toolkit, but it creates persistent local memory and advisory permission tokens that users should not treat as real security credentials.
This skill looks acceptable for local orchestration if you want shared blackboard state, budget tracking, and persistent project context. Before installing, understand that its grant tokens are not real authentication, and review or protect the local data/ directory because it can retain context, justifications, audit logs, and coordination state across tasks.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If another system treats these local grant tokens as real authorization, an agent could appear approved based only on a self-reported identity.
The skill explicitly says its permission tokens do not authenticate agent identity, even though they relate to sensitive resources such as PAYMENTS, DATABASE, and FILE_EXPORT.
Grant tokens issued by `check_permission.py` are advisory scoring outputs only — the caller-supplied `--agent` identity is not cryptographically verified.
Use these tokens only as advisory workflow signals. Require separate platform authentication, human approval, and scoped provider permissions before allowing payment, database, export, or email actions.
Bad instructions, stale decisions, or sensitive information placed in the project context could be repeatedly shown to agents and affect later work.
The skill intentionally stores persistent context that can be reused across agent sessions, so incorrect or maliciously edited context could influence future agent behavior.
Maintains a JSON file that stores long-lived project context... This context is injected into every agent session
Review project-context.json before injection, heed validation warnings, keep it out of untrusted write paths, and do not store secrets or private data in persistent context.
Sensitive text accidentally included in justifications may remain on disk and be visible to anyone with access to the workspace.
The artifacts disclose that free-text agent-provided justifications are persisted locally in an audit log.
The `justification` field in permission requests and the audit log (`data/audit_log.jsonl`) store free-text strings provided by agents. Do not include PII, secrets, or credentials
Avoid putting secrets, credentials, customer data, or other PII in justification fields, and restrict permissions on the data directory when using the skill.
