agt0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent local storage helper, but users should notice that it depends on an external global npm CLI and can persist or delete local agent data.
This appears to be a purpose-aligned local storage skill. Before installing, be comfortable with using the external npm package, keep track of where agt0 databases are stored, back up important databases, and avoid persisting secrets or broad private folders unless that is your intent.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require trusting runtime code from npm that is not included in the reviewed artifacts.
The skill depends on installing an external global npm package, while the artifact set contains only SKILL.md and no package code or install spec for review.
npm install -g @seekcontext/agt0
Install only from the expected npm package source, review the package if needed, and avoid using elevated privileges for installation unless required.
Mistaken SQL or filesystem commands could overwrite or delete data inside the agt0 database.
The documented virtual filesystem includes write, truncate, append, and delete operations; these are aligned with a storage skill but can modify or remove stored data.
`fs_remove(path [, recursive])` | INTEGER | Delete file/dir, returns deleted count
Review destructive commands before running them, keep backups of important .db files, and scope operations to the intended agt0 database.
Private notes, preferences, or task context stored in the database may persist beyond the current session.
The skill is designed to persist agent memory and state, which can retain user context for later reuse.
Local-first database + filesystem + memory in a single SQLite file
Do not store secrets or sensitive personal data unless needed, and periodically inspect or delete stored memory that should not persist.