v1.0.0

Live Neon Persona

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:35 AM.

Analysis

This is a disclosed Live Neon integration, but it can persistently shape an agent’s identity and prompts while sending observations and synced content to an external service.

Guidance: Install only if you want Live Neon to store and shape the agent’s persistent identity. Keep the API token private, explicitly approve sync/discover/observe/prompt actions, limit connected sources, review pending beliefs and responsibilities, and avoid sending sensitive user interactions unless the platform’s retention and deletion controls meet your needs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low, Confidence: High, Status: Note
SKILL.md
/ln prompt | Fetch runtime system prompt | Deploying agent, switching LLM providers

Fetching a runtime system prompt from an external identity service is aligned with the skill's purpose, but it can alter the agent's operating instructions if treated as authoritative.

User impact: The agent may adopt externally stored beliefs, responsibilities, or prompt text that changes its behavior.
Recommendation: Review generated prompts before use and ensure they do not override higher-priority system, developer, or user instructions.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
/ln sync [agentId|all] ... agentId ... or `all` for entire org ... /ln discover [agentId|orgSlug] [--force]

The command reference exposes broad API operations such as org-wide sync and discovery. These are purpose-aligned, but they can affect many identities or content sources if used carelessly.

User impact: A mistaken broad sync or discovery run could update identity inputs for multiple agents.
Recommendation: Prefer agent-specific commands, avoid `all` or org-wide discovery unless intended, and review results before approving identity changes.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: Medium, Status: Note
metadata
Source: unknown ... No install spec — this is an instruction-only skill

The package has no executable code in the provided artifacts, but its source is listed as unknown and operational setup is documented only in SKILL.md.

User impact: Users must rely on the documented API behavior and the Live Neon service rather than reviewed local code or a pinned install mechanism.
Recommendation: Verify the Live Neon service and homepage before use, and keep setup limited to the documented curl/API commands.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
SKILL.md
export LIVE_NEON_TOKEN="ln_your_token_here" ... -H "Authorization: Bearer $LIVE_NEON_TOKEN"

The skill uses a Live Neon bearer token for API access. This is expected for the integration, but the registry metadata does not declare a primary credential or required environment variable.

User impact: Anyone with the token may be able to access or change Live Neon identity data within that account's permissions.
Recommendation: Store the token securely, use the least-privileged account available, rotate it if exposed, and be aware that the registry metadata under-declares this credential use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: Medium, Status: Concern
SKILL.md
persistent, structured identity that survives across sessions, evolves from your actual behavior ... /ln observe | Report an observation about your own behavior | After user corrections, notable interactions, pattern recognition

The skill is designed to persist behavior-derived observations across sessions and reuse them in the agent's identity, but the visible instructions do not clearly define data minimization, retention, user approval, or poisoning safeguards.

User impact: Conversation-derived observations or inaccurate synced content could be stored and later influence how the agent behaves across future sessions.
Recommendation: Require explicit user approval before observation, discovery, or prompt-generation actions; limit synced sources; review stored beliefs/responsibilities; and avoid sending sensitive interaction details unless retention and deletion controls are understood.