ClawHub
Back to skill
v0.1.1

Halo Cli Moderation Notifications

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:48 AM.

Analysis

This skill does what it says, but it gives an agent Halo moderation powers to approve, post, bulk-update, and force-delete content or notifications, so it needs review before installation.

GuidanceInstall only if you want an agent to help moderate Halo through your existing CLI. Before allowing it to act, confirm the Halo profile, site, and exact comment/reply/notification IDs, and require explicit approval for public replies, approvals, `--force` deletes, and `--all` operations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
halo comment delete comment-abc123 --force ... halo comment reply delete reply-abc123 --force ... halo notification mark-as-read --all ... Use `--force` for destructive deletes in non-interactive mode.

The skill documents destructive and bulk Halo CLI operations and specifically recommends force mode for non-interactive deletes, but does not define a confirmation, preview, or rollback boundary.

User impactAn agent using this skill could delete comments or replies, mark all notifications read, delete notifications, approve content, or create visible approved replies in the selected Halo environment.
RecommendationRequire explicit user confirmation for approve, create-reply, delete, `--force`, and `--all` actions; list or get the target first; and avoid non-interactive destructive operations unless the user clearly requested them.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
SKILL.md
references:
  - ../halo-cli-shared

The skill declares a shared reference that is not present in the provided one-file manifest; this is not evidence of malicious behavior, but it is a provenance/context item to verify.

User impactUsers may not see all shared Halo CLI guidance that the skill expects.
RecommendationReview the referenced shared Halo CLI material before relying on the skill in production moderation workflows.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Use `--profile <name>` when moderating a non-default environment.

The skill expects actions to run under a selected Halo CLI profile/environment; this is purpose-aligned but means the agent may act with that profile's delegated moderation permissions.

User impactUsing the wrong profile could cause moderation actions in the wrong Halo site or account.
RecommendationVerify the active Halo profile and target resource names before allowing any mutating command.