ClawHub
Back to skill
v2.0.0

Olares Dashboard (olares-cli dashboard)

SuspiciousClawScan verdict for this skill. Analyzed Apr 30, 2026, 1:25 PM.

Analysis

The skill fits an Olares dashboard-helper purpose, but it relies on sensitive Olares credentials and a missing shared instruction file that are not clearly bounded in the published requirements.

GuidanceBefore installing, verify that you trust the skill owner, the local `olares-cli` binary, and the referenced `../olares-shared/SKILL.md`; use least-privileged Olares credentials, review any admin or `--user` actions, and prefer explicit confirmation before the agent runs dashboard commands.

Findings (8)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityMediumConfidenceHighStatusConcern
SKILL.md
before doing ANYTHING in this subtree, MUST Read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md)

The skill requires the agent to consult and trust an external sibling instruction file before the user's dashboard task, which can redirect the agent's goal if that file is missing, unexpected, or poisoned.

User impactThe agent may follow instructions from an unreviewed external file before answering or acting on your request.
RecommendationReview and bundle the referenced shared skill, or require explicit user approval before the agent follows external instructions.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
`--watch` HTTP-polling semantics ... `--user` ... `--test-connectivity`

The skill is designed around invoking dashboard CLI operations, including polling, user-scoped views, and network connectivity checks. These are purpose-aligned but involve real tool/API activity.

User impactThe agent may run Olares dashboard commands that query your environment or perform connectivity checks.
RecommendationUse it only with a trusted Olares profile and confirm higher-sensitivity flags such as `--user` or connectivity testing.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
MUST Read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md)

The manifest contains only SKILL.md, so this mandatory sibling dependency is not bundled with the reviewed artifact and its provenance cannot be checked from the provided package.

User impactA missing or substituted shared skill could change login, credential, or recovery behavior without being visible in this package.
RecommendationPublish the shared dependency with the skill, pin its provenance, and keep registry requirements consistent with SKILL.md.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
requires:
    bins: ["olares-cli"]
  cliHelp: "olares-cli dashboard --help"

The skill expects use of a local `olares-cli` binary. That execution is expected for a CLI-dashboard skill, but it is a real local command dependency.

User impactUsing the skill may cause the agent to invoke the local Olares CLI and contact the configured dashboard service.
RecommendationEnsure `olares-cli` is installed from a trusted source and points to the intended Olares instance before use.
Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
Any code generation, refactor or fix touching `cli/cmd/ctl/dashboard/**`, `cli/pkg/dashboard/**`, `cli/pkg/dashboard/format/**` ... MUST first Read this file end-to-end

The skill contemplates changes across multiple CLI, package, dashboard, and credential-related paths. Its red-lines provide some containment, but broad edits could propagate mistakes across the dashboard command tree.

User impactA poorly reviewed generated change could affect multiple dashboard commands or credential-related code paths.
RecommendationRequire a concrete plan and review diffs carefully before allowing broad refactors or generated edits.
Human-Agent Trust Exploitation
SeverityMediumConfidenceHighStatusConcern
metadata
Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials

The published credential requirement and the capability signals conflict, which can make the skill appear less sensitive than it is to a user reviewing install requirements.

User impactA user may install or invoke the skill believing no credentials are needed, while it actually depends on sensitive authenticated access.
RecommendationCorrect the registry metadata to clearly disclose OAuth/sensitive credential use, required binary dependencies, and admin-only behavior.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
SKILL.md
profile selection, login, factory-injected `*http.Client`, and HTTP 401/403 recovery rules ... `RequireAdmin` guard for `--user` and admin-only commands

The skill depends on authenticated dashboard access and references admin-only operations, but the published requirements list no primary credential and do not define a clear approval or scope boundary.

User impactIf installed or invoked in the wrong context, the agent could use privileged Olares session access or admin-level dashboard views beyond what you intended.
RecommendationRequire an explicit credential contract, limit use to least-privileged profiles, and ask for confirmation before admin-only or `--user` operations.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Every dashboard verb depends on that foundation.

This makes the external `../olares-shared/SKILL.md` context foundational for all dashboard actions, creating a context-poisoning risk if that shared instruction file is untrusted or modified.

User impactCredential handling and dashboard behavior could be influenced by instructions outside the reviewed skill.
RecommendationTreat shared instruction files as part of the trusted package, review them together, and avoid letting untrusted workspace content define credential behavior.