Agent Core Extractor

PassAudited by ClawScan on May 1, 2026.

Overview

This skill coherently exports selected local agent-source files into a zip, but users should notice that it runs a shell script and the archive may contain private agent instructions, memory, config, and local path details.

Install or use this skill only if you want to run a local export script over the selected repositories. Choose --repos, --base-dir, and --output-dir carefully, make sure zip is available, and inspect the generated zip and MANIFEST.txt for private prompts, memory, config, or local path information before giving it to another person or AI system.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI05: Unexpected Code Execution

What this means

Running the skill will execute a local shell script that copies files and creates a zip archive.

Why it was flagged

The skill instructs running a bundled shell script. This is central to the stated export purpose and appears user-directed, but it still performs local command execution.

Skill content

./scripts/export-agent-core-pack.sh --base-dir ~/Documents/GitHub --output-dir ./out --name agent-core-snapshot

Recommendation

Run it only when you intend to export these repositories, and inspect the generated archive before using or sharing it.

Low

#ASI06: Memory and Context Poisoning

What this means

The archive may reveal private agent prompts, memory/context content, configuration details, or local repository paths.

Why it was flagged

The export can include user/context/memory files and records included source paths in the generated manifest, which may become sensitive if the zip is shared with humans or AI systems.

Skill content

copy_file "$repo_dir/nanobot/templates/USER.md" ...; copy_file "$repo_dir/nanobot/templates/memory/MEMORY.md" ...; echo "Included source paths:"

Recommendation

Review README.txt, MANIFEST.txt, and the zip contents; remove private memory, secrets, or local path details before sharing the archive.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

The skill may fail unexpectedly on systems without zip installed, but this is an install/dependency declaration issue rather than evidence of malicious behavior.

Why it was flagged

The script hard-requires the zip binary even though the registry requirements list no required binaries and the skill frontmatter describes zip as optional/recommended.

Skill content

require_cmd zip

Recommendation

Ensure zip is installed before running, or update the skill metadata to declare zip as required.