v0.1.0

AgentDojo

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:02 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

Guidance: Before installing, confirm you actually want a daily autonomous learning loop, adjust the 04:00 schedule, agent list, token/cost caps, and output paths, and start with the conservative profile while reviewing the first few daily reports. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
Default schedule is night run (04:00 local time).

The skill is intended to run on a schedule rather than only during an interactive request, but this is clearly disclosed and described as user-configurable.

User impact: If enabled with a scheduler, it may run daily, consume model budget, fetch sources, and create reports without a fresh manual prompt each time.
Recommendation: Review and explicitly configure the schedule, enabled agents, and budget caps before turning on any cron or automation.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
config/drills/backend.yaml
allowedTools:
  - web_search
  - web_fetch
  - read

The drills may use web and read tools, which is expected for a web-learning skill; other configuration files add caps on tool calls, network fetches, writes, and runtime.

User impact: The agent may retrieve external content and read local skill/configuration material during drills.
Recommendation: Keep the conservative profile initially, verify allowed tools match your workspace policy, and avoid granting broader tools than the drills need.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
config/agentdojo.config.yaml
reportPath: reports/daily
ledgerPath: state/ledger
runPath: state/runs
scorePath: state/scores
auditPath: audit/events.ndjson

The skill persists run records, scores, ledgers, reports, and audit events that can inform later drill selection and reporting.

User impact: Saved state and reports may accumulate over time and influence future recommendations or summaries.
Recommendation: Review what is written to these paths, keep them workspace-local, and periodically clear or audit stored state if recommendations look stale or incorrect.