ClawHub
Back to skill
v1.1.0

Olares Settings (olares-cli settings)

SuspiciousClawScan verdict for this skill. Analyzed Apr 30, 2026, 1:25 PM.

Analysis

The skill matches an Olares settings CLI purpose, but it relies on an unprovided shared instruction file and includes high-impact settings changes using the user's active Olares token without clearly shown approval boundaries.

GuidanceBefore installing, make sure you trust the publisher and have the missing ../olares-shared/SKILL.md and olares-cli provenance. Use it first for read-only commands, verify the active Olares profile, and require explicit confirmation before allowing changes to integrations, VPN ACLs, SSH, language, or search rebuild behavior.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityMediumConfidenceHighStatusConcern
SKILL.md
CRITICAL — before doing anything, MUST use the Read tool to read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md)

This forces tool use and makes an unprovided sibling file authoritative before the user's task can proceed.

User impactUnreviewed instructions from another file could change how the agent selects profiles, handles login, or recovers from authorization errors.
RecommendationDo not rely on this skill unless the shared skill file is bundled, reviewed, and version-pinned; external instructions should not be mandatory or automatically authoritative.
Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
Verified mutating surface: appearance language set (with --force escape hatch); search rebuild; integration accounts add awss3|tencent + accounts delete; vpn ssh enable/disable; vpn acl add/remove.

The skill exposes commands that can change account integrations, search state, SSH access, and VPN ACLs, but the provided artifacts do not show explicit user approval or rollback boundaries for these high-impact operations.

User impactA mistaken or overly broad agent action could change Olares settings, remove integrations, or alter remote access controls.
RecommendationRequire explicit user confirmation for every mutating command, display the target profile and exact command first, and prefer dry-run or read-only behavior by default.
Agentic Supply Chain Vulnerabilities
SeverityHighConfidenceHighStatusConcern
SKILL.md
MUST use the Read tool to read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md) ... metadata: requires: bins: ["olares-cli"]

The skill relies on a sibling shared instruction file and an external CLI, while the supplied manifest contains only SKILL.md and no install/provenance artifacts for these dependencies.

User impactImportant behavior may come from files or binaries that were not included in the reviewed artifact set.
RecommendationBundle and pin the shared skill dependency, declare the olares-cli binary requirement consistently in registry metadata, and provide a trusted source or install specification.
Cascading Failures
SeverityHighConfidenceHighStatusConcern
SKILL.md
integration accounts add awss3|tencent + accounts delete; vpn ssh enable/disable; vpn acl add/remove

These settings can affect third-party integrations and network access beyond a single local output, and the artifacts do not show containment or confirmation rules.

User impactOne incorrect agent action could remove cloud integrations, expose or block SSH access, or change VPN access for affected users or devices.
RecommendationTreat these as change-management actions: require confirmation, show affected resources, and document a recovery path before making changes.
Human-Agent Trust Exploitation
SeverityLowConfidenceMediumStatusNote
SKILL.md
Verified mutating surface ... latest smoke run ... treat them as experimental until they appear in a green smoke report.

The text makes verification claims that can increase trust in mutating commands, while the referenced smoke report and UNVERIFIED_COMMANDS.md are not included in the provided manifest.

User impactUsers may overestimate how safe or fully validated the mutating commands are.
RecommendationAsk for the referenced smoke report or repository files before trusting the verification claim for privileged changes.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
Identity and transport come from the active profile — same profile model, same access token, same edge-auth chain (Authelia + l4-bfl-proxy) the SPA uses.

The skill operates through the active Olares profile and access token, which is purpose-aligned and also sensitive because it may inherit owner/admin permissions.

User impactCommands run as whichever Olares profile is active, so the agent may act with that profile's privileges.
RecommendationVerify the active profile and role before use, and use the least-privileged profile possible for read-only or limited settings tasks.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
SKILL.md
Covers role caching (owner / admin / normal) on the active profile ... whoami aliases ... read cached identity served from desktop ingress.

The skill uses cached role and identity context. This is aligned with profile-based settings access, but cached authorization context can become stale or be over-trusted.

User impactThe agent may base decisions on cached role or identity information rather than freshly confirmed state.
RecommendationRe-check the active profile and role before privileged operations, especially after account, role, or login changes.