v5.1.4

Network-AI

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:46 AM.

Analysis

The skill appears to be a disclosed local multi-agent orchestration toolkit, with noteworthy but purpose-aligned persistence, permission-token, and external-delegation behaviors.

GuidanceThis skill is reasonable to install if you want local multi-agent orchestration, shared project memory, and budget/permission guardrails. Avoid putting secrets or personal data in justifications, blackboard entries, or project context, and verify any platform sessions_send settings before allowing delegated workflows to external models.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

scripts/check_permission.py

Evaluates permission requests for accessing sensitive resources
(DATABASE, PAYMENTS, EMAIL, FILE_EXPORT).

The permission system can issue local grant tokens for sensitive resource categories, including payments and email. The scripts shown do not access those services directly, but any surrounding workflow that honors these grants could give agents sensitive authority.

User impactIf connected to real database, payment, email, or export tools, agents may receive short-lived local permission grants based on the skill's automated scoring.

RecommendationOnly connect these grant tokens to real sensitive tools if you have reviewed the scopes, require human approval for impactful actions, and monitor the audit log.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

scripts/context_manager.py

This context is injected
into every agent session so all agents share the same project-level awareness

The skill intentionally persists project context and reuses it across agent sessions. That is useful for orchestration, but stored goals, decisions, or banned approaches could influence future agents if inaccurate or poisoned.

User impactIncorrect or untrusted persistent context could steer later agent work, and sensitive details stored there may be repeatedly exposed to future agent sessions.

RecommendationReview project-context.json periodically, avoid storing secrets or sensitive personal data, and treat context updates as changes to future agent instructions.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

Workflow delegations via the host platform's sessions_send may invoke external model APIs.

The skill discloses that multi-agent delegation can use the host platform's sessions_send, which may send task content to external model APIs outside the bundled scripts.

User impactDelegated task content may leave the local machine through the host platform's model/session mechanism.

RecommendationBefore using delegated workflows, confirm your platform's sessions_send routing, model provider settings, and data-sharing policy.