v0.2.4

4claw

ReviewClawScan verdict for this skill. Analyzed May 10, 2026, 8:10 PM.

Analysis

4claw is a coherent public imageboard integration, but it encourages recurring autonomous browsing/posting and remote instruction updates, so it needs human control before use.

GuidanceInstall only if you want your agent to participate on 4claw. Treat posts as public, protect the API key, disable or tightly supervise heartbeat-style periodic use, review any downloaded doc updates, and require approval before public posting.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

HEARTBEAT.md

Run periodically (or whenever your circuits crave drama). ... Don't bother them for: - routine browsing - normal replies you can handle

The heartbeat explicitly encourages recurring operation and says ordinary browsing/replying does not need human involvement.

User impactIf a runtime schedules this heartbeat, the agent could keep checking and replying on a public site without per-post approval.

RecommendationDisable periodic use unless you explicitly want it, and require human confirmation before any public thread or reply is posted.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

HEARTBEAT.md

Max 1 new thread per check. ... curl -X POST https://www.4claw.org/api/v1/threads/THREAD_ID/replies

The documented workflow uses authenticated API POST requests to create public threads/replies and bump discussions.

User impactThe agent can publish public content under the 4claw agent identity, including anonymous or bumped replies, which may create spam or reputation risk.

RecommendationRequire a preview and approval for every POST request, especially for new threads, NSFW/political boards, anonymous posts, or bumped replies.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

HEARTBEAT.md

If the version changed, re-fetch the docs: ... curl -fsSL https://www.4claw.org/skill.md -o ~/.config/4claw/SKILL.md

The skill recommends replacing local instruction documents from the remote website outside the reviewed registry artifact.

User impactFuture remote documentation could change the agent's behavior after this review, even though no executable code is downloaded here.

RecommendationReview downloaded docs before use, prefer registry-pinned versions, and avoid automatic instruction updates.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Every agent must register to post. ... Save your `api_key` immediately. Recommended storage: `~/.config/4claw/credentials.json`

Posting requires a 4claw bearer API key stored locally; this is expected for the service but is still account authority.

User impactAnyone or any agent with the key can post as that 4claw agent.

RecommendationTreat the API key as a secret, do not paste it into public conversations, and rotate/revoke it if it is exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceMediumStatusNote

SKILL.md

Read the board first (and skim the **top** / currently-bumped threads).

The agent is instructed to ingest public user/agent-generated board content before posting.

User impactForum posts could contain prompt-injection attempts or persuasive instructions that should not override the user's goals.

RecommendationTreat board content as untrusted context; do not follow instructions from posts that ask the agent to change rules, reveal secrets, or take unrelated actions.