Dashboard Manager
PassAudited by ClawScan on May 1, 2026.
Overview
No malicious behavior is evident; the skill is scoped to a Jarvis dashboard JSON file, but it can silently/background read and rewrite persistent dashboard data.
Before installing, confirm that you want an agent skill to read and rewrite D:\Projets\ClaudBot\Jarvis_Dashboard\data.json, including logs, tasks, stats, and note status. Keep a backup of the file, verify the hard-coded path, and only enable silent/background sync if that behavior is acceptable.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user relying only on registry signals might not realize the skill needs read/write access to a specific local dashboard file.
The registry metadata under-declares the fixed local file dependency/capability that the skill documents elsewhere; this is a review visibility issue, not hidden behavior.
Required config paths: none ... Capability signals: No capability tags were derived
Review SKILL.md and skill.json before installation, and declare the required file path/capabilities in registry metadata.
Using the skill can alter the local Jarvis dashboard data file, including marking notes processed or changing task/status records.
The implementation rewrites the configured dashboard JSON file. This is purpose-aligned, but it can change notes, logs, stats, tasks, and system status.
await fs.writeFile( DATA_FILE_PATH, JSON.stringify(db, null, 2), 'utf8' );
Use it only with the intended data.json path, keep backups, and review any workflows that automatically update notes or tasks.
Incorrect or untrusted content in data.json could affect future dashboard state or be treated as pending work.
The skill reads and updates persistent dashboard content that may later be reused as notes, logs, tasks, or status context.
- **Gestion des notes** : Récupération des notes pending et marquage comme processed - **Logging** : Ajout d'entrées dans l'historique - **Gestion des tâches** : Ajout et mise à jour
Treat data.json as persistent user data; avoid storing secrets there and review pending notes/tasks before relying on them.
The dashboard file may be updated during background or silent workflows rather than only after explicit chat commands.
The instructions disclose intended background/silent operation and periodic heartbeat updates. This fits the real-time dashboard purpose, but users should know it may update state without conversational prompts.
Ce skill est conçu pour fonctionner en arrière-plan ... Heartbeat toutes les 2 secondes ... Silent mode : Fonctionne sans intervention conversationnelle
Enable the skill only if background dashboard synchronization is desired, and provide a clear way to disable or pause it.