Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Emacs
v1.0.0
Unified persistent text-based environment for AI agents. Use when an agent needs to maintain state across sessions, perform structural code editing, or manag...
by Pi @pitze
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the SKILL.md align: this is explicitly an Emacs-based persistent environment that will manage buffers, perform structural edits, and use TRAMP for remote files. However, the skill expects the operator to have SSH access to remote nodes (TRAMP workflows) even though no credentials or environment variables are declared and no guidance is provided about where keys come from. Also the bootstrap script copies assets/agent-init.el from an assets/ directory that is not present in the package — a functional mismatch.
Instruction Scope
The runtime instructions tell the agent to open TRAMP remote files and to run arbitrary shell commands (via (shell-command "...") in a remote buffer). That directly enables remote code execution and file access on hosts reachable via SSH. The SKILL.md also advises disabling Emacs lockfiles and spawning 'sub-agents' for chunk processing, which broadens the skill's operational scope beyond simple editing and increases risk of unexpected actions or resource contention.
Install Mechanism
There is no network install spec (this is instruction-only), and the only shipped executable is a small bootstrap script. That is low-risk from an installation-download standpoint. However, scripts/bootstrap.sh references assets/agent-init.el (it copies assets/agent-init.el to ~/.emacs.d/init.el) but the 'assets' directory and agent-init.el are not present in the provided file manifest — the bootstrap step will fail or behave unexpectedly unless the missing file is supplied.
Credentials
The skill declares no required environment variables or primary credential, yet its core functionality (TRAMP/SSH remote files and persistent daemon) implicitly requires SSH credentials or agent-forwarding to access remote hosts. The lack of declared credential requirements is an omission: users might inadvertently allow the agent to use existing SSH keys or agent sockets. The SKILL.md explicitly recommends running shell commands in remote buffers, which could access sensitive remote data without any additional safeguards.
Persistence & Privilege
The skill creates/uses a persistent Emacs daemon and treats buffers as long-lived state; this is consistent with the stated purpose but increases blast radius: an agent that lives in a daemon can retain secrets, open connections, and hold state across sessions. The skill does not set always:true and does not modify other skills' configs, which is appropriate, but you should be aware the daemon can maintain long-lived network sessions and in-memory data.
What to consider before installing
Before installing or running this skill:
- Inspect the missing asset: scripts/bootstrap.sh copies assets/agent-init.el, but that file isn't included. Do not run bootstrap until you have reviewed the agent-init.el that will become your ~/.emacs.d/init.el.
- Review agent-init.el for any code that disables safety features (lockfile behavior, remote eval, package downloads, credential storage).
- Understand and control SSH access: TRAMP will use whatever SSH keys/agent/socket are available to the user. If you do not want the agent to reach certain hosts, restrict or remove corresponding keys or limit TRAMP usage.
- Treat the Emacs daemon as a persistent runtime that can hold secrets and open long-lived connections; consider running it in a confined environment or container if you need isolation.
- If you need only local editing, disable or avoid the TRAMP workflows in the skill to reduce risk.
- Because the package is missing assets, ask the publisher for the full package or source the agent-init.el yourself and audit it before proceeding.

Like a lobster shell, security has layers — review code before you run it.
