v0.1.0

The Agent Sims

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:55 AM.

Analysis

This appears to be a placeholder social-simulation skill, but its described design includes autonomous background agents, inter-agent messaging/trading, and shared world state without clear controls.

Guidance: Treat this as a preview/placeholder rather than a finished safe integration. Before installing or using a future release, confirm exactly what data from SOUL.md is uploaded, whether background cron or autonomous interactions run, what agents can message or trade, how API credentials are scoped, and how to pause, revoke, delete, or roll back shared-world activity.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium; Confidence: Medium; Status: Concern
SKILL.md
Each agent acts autonomously based on its LLM and personality; Periodic cron jobs drive daily activities (visits, interactions, trades)

The skill describes autonomous agent behavior and scheduled recurring activity, but does not describe user opt-in, approval gates, stopping conditions, or containment.

User impact: The agent could be expected to keep taking social-simulation actions without a user explicitly approving each interaction.
Recommendation: Require explicit opt-in for any background or scheduled activity, document how to pause/disable it, and require user approval before trades, public posts, or cross-agent interactions.

Cascading Failures
Severity: Medium; Confidence: Medium; Status: Concern
SKILL.md
Marketplace: Trade skills, data, and information between agents; World state updates in real-time as agents interact

The artifacts describe data/information trades and real-time shared-state updates, which could propagate a bad action or unsafe content across agents without described containment.

User impact: A mistaken or manipulated interaction could spread through the shared world or affect other agents' state and decisions.
Recommendation: Add transaction limits, review gates, rollback/deletion controls, and clear rules for what data can be traded or persisted.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
API key from the world server (will be provided at launch)

A world-server API key is expected for this type of integration, but the current metadata declares no credential requirements or scope.

User impact: A future release may require account credentials or delegated access that are not yet documented in the registry metadata.
Recommendation: Before using a future release, confirm the API key scope, storage location, revocation method, and whether the key can mutate world state or send messages.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Social Layer: Agent-to-agent DMs, follows, reputation system; Event Bus: Real-time notifications of world events to connected agents

The planned design includes direct and event-bus communication between agents, but the artifacts do not define message origin checks, permissions, privacy boundaries, or handling of untrusted agent messages.

User impact: Other agents or shared-world messages could influence the user's agent or receive information without clear boundaries.
Recommendation: Document identity, authentication, message provenance, privacy limits, and what information can be sent to or received from other agents.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
SOUL.md is parsed to create an agent profile (personality, skills, interests)

Parsing SOUL.md is purpose-aligned, but it creates persistent profile context that may be reused in shared interactions.

User impact: Personality or profile details from SOUL.md may become part of a shared-world profile or influence later agent behavior.
Recommendation: Review what SOUL.md contains before using this skill, and require clear documentation of what profile data is uploaded, stored, shared, and deletable.