Selection Agent
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill fits a marketing research use case, but it asks the agent to read hardcoded local tokens and run unreviewed code from a /tmp project before doing the work.
Review the referenced /tmp project, AGENT_CONFIG.md, and scripts before use. Remove hardcoded shared tokens, declare required credentials in metadata, use least-privilege keys, and require explicit user approval before running the script or accessing Ads, Sheets, Notion, Gemini, Semrush, or MySQL.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could load and use sensitive API keys, OAuth access, and database credentials that may affect third-party accounts or internal data.
The skill directs the agent to read a local file containing all tokens and to use multiple service, OAuth, and database credentials, but the artifacts do not bound their scope or declare them in the metadata.
Must read before execution: `/tmp/powerful-trendplus/AGENT_CONFIG.md` ... all tokens are hardcoded ... `FB_ADS_TOKEN` ... `NOTION_API_KEY` ... `GEMINI_API_KEY` ... Google Workspace ... OAuth ... MySQL ... database credentials
Do not use until credentials are explicitly declared, least-privilege scoped, and only accessed after user approval; avoid putting all tokens in a file the agent must read.
Installing or invoking the skill may cause the agent to run unreviewed local code with access to loaded credentials.
The skill tells the agent to execute a Python script from an absolute /tmp directory; the supplied package contains neither reviewed code nor an install spec for this script, so the provenance of the executed code lies outside the reviewed artifacts.
cd /tmp/powerful-trendplus
source .env.local 2>/dev/null
python3 scripts/run_full_research.py
Verify the referenced repository and script contents, pin the source/version, include the code in the reviewed package, and require explicit confirmation before execution.
