Agent Identity Kit

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its stated identity-card purpose, but its validate.sh script has an unsafe Python fallback (caller-supplied paths are interpolated into python -c source) and can download unpinned validation packages from npm or PyPI at run time.

Install only if you are comfortable reviewing and running the shell scripts. Until the Python fallback is fixed, avoid running validate.sh on files or schemas with untrusted or unusual path names, and install the validation dependencies deliberately rather than relying on the script's automatic npx or pip downloads. Review any owner contact details before publishing or registering an agent card.

Findings (2)

This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan did not execute the skill or run runtime probes, so the findings describe what the code would do, not observed behaviour.

What this means

If the validator is run on a maliciously named file or schema path on a system that falls back to the Python path (for example, one without ajv-cli), arbitrary Python code could run with the privileges of the user who invoked validate.sh.

Why it was flagged

The file and schema paths are caller-controlled shell variables that are expanded by the shell inside the double-quoted python -c program string. A crafted path containing a single quote, a newline, or other Python string-breaking characters therefore changes the program text itself, not just the data it operates on.

Skill content

FILE="${1:-}" ... SCHEMA="${2:-$REPO_ROOT/schema/agent.schema.json}" ... python3 -c "... with open('$SCHEMA') as f: ... with open('$FILE') as f:"

Recommendation

Keep the Python program text fixed and pass the paths as data: append them as extra arguments after the python -c program and read them from sys.argv, or export them as environment variables and read os.environ (a single-quoted heredoc piped to python3 - with the paths as arguments achieves the same separation). Until this is fixed, do not validate files whose path names an attacker can influence.
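As an added example, not code from the Agent Identity Kit or from ClawScan: the block below reproduces the shape of the interpolated python3 -c program from the finding and shows that a file name containing a single quote is parsed as part of the program, then runs the same validation with the paths passed as argv entries, as the recommendation describes. The schema and card contents, the file name it's-a-card.json, and the required-keys check standing in for a jsonschema call are all constructed for the demonstration.

```python
"""Added example: the unsafe path-in-source pattern from the finding next to
the argv-based alternative. Not the kit's code; the template only mimics the
shape of the quoted validate.sh snippet."""
import ast
import json
import os
import subprocess
import sys
import tempfile

# What the shell produces when it expands "$SCHEMA" and "$FILE" inside the
# double-quoted python3 -c argument: the path text becomes Python source.
UNSAFE_TEMPLATE = """\
import json
with open('{schema}') as f:
    schema = json.load(f)
with open('{file}') as f:
    doc = json.load(f)
"""


def unsafe_source(schema, file):
    """Return the source text the unsafe fallback would hand to python3 -c."""
    return UNSAFE_TEMPLATE.format(schema=schema, file=file)


def unsafe_source_parses(schema, file):
    """True only if the interpolated text is still the intended program
    (one import followed by two with-statements). A path containing a quote
    alters the program text, so it no longer is."""
    try:
        tree = ast.parse(unsafe_source(schema, file))
    except SyntaxError:
        return False
    return len(tree.body) == 3 and all(isinstance(n, ast.With) for n in tree.body[1:])


# Hardened fallback: fixed program text; the paths arrive as argv items, so
# their contents are data and are never reinterpreted as code.
SAFE_VALIDATOR = """\
import json, sys
schema_path, file_path = sys.argv[1], sys.argv[2]
with open(schema_path) as f:
    schema = json.load(f)
with open(file_path) as f:
    doc = json.load(f)
# Stand-in for a jsonschema call so the example needs no third-party package.
missing = [k for k in schema.get("required", []) if k not in doc]
print("missing:" + ",".join(missing))
sys.exit(1 if missing else 0)
"""


def validate_safe(schema, file):
    """Run the validator with the paths as separate argv entries, the same
    shape as python3 -c "$PROG" "$SCHEMA" "$FILE" in shell.
    Returns (exit code, stdout)."""
    proc = subprocess.run(
        [sys.executable, "-c", SAFE_VALIDATOR, schema, file],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode, proc.stdout.strip()


def demo(tmpdir=None):
    """Constructed inputs: a minimal schema and a card whose file name contains
    a single quote. Returns both approaches' results on the same files."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    schema_path = os.path.join(tmpdir, "agent.schema.json")
    card_path = os.path.join(tmpdir, "it's-a-card.json")
    with open(schema_path, "w") as f:
        json.dump({"required": ["name", "owner"]}, f)
    with open(card_path, "w") as f:
        json.dump({"name": "demo-agent"}, f)
    return {
        "unsafe_parses": unsafe_source_parses(schema_path, card_path),  # False
        "safe_result": validate_safe(schema_path, card_path),  # (1, "missing:owner")
    }


if __name__ == "__main__":
    print(demo())
```

The benign path pair yields the intended three-statement program, while the quoted file name turns the unsafe template into a different (here, unparsable) program; the argv version opens the same oddly named file without incident and reports the missing owner key.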

What this means

The first validation run may download and execute third-party package code without the user opting in. What runs is whatever the registry serves at that moment, so the outcome depends on package-registry integrity and can change the local environment (a new global npx cache entry or a package installed into the current Python environment).

Why it was flagged

The validator fetches its validation dependencies from npm (via npx) or PyPI (via pip) at run time, with no pinned versions, no lockfile, and no hash checking.

Skill content

if npx ajv-cli validate -s "$SCHEMA" -d "$FILE" --spec=draft7; then ... subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'jsonschema', '-q'])

Recommendation

Declare the validator dependencies and pin them exactly (for pip, == pins with --require-hashes in a requirements file; for npm, a package-lock.json installed with npm ci rather than an ad-hoc npx call), make installation an explicit documented step, and if the script must offer to install anything, ask for confirmation first instead of installing silently.
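As an added example, not code from the Agent Identity Kit or from ClawScan: a small dependency gate of the kind the recommendation calls for, which parses a pinned requirements file, refuses any line that is not pinned with ==, and reports which pinned packages are missing or at the wrong version instead of calling pip install at run time. The two requirements texts and their version numbers are constructed for the demonstration and are not a claim about what the kit should pin.

```python
"""Added example (not the kit's code): a dependency gate that replaces
run-time pip install / ad-hoc npx with a check against pinned declarations.
It only reports; installing remains a deliberate operator step."""
import importlib.metadata
import importlib.util
import re

# Constructed sample requirement files; the version number is illustrative.
PINNED_SAMPLE = """\
# validator dependencies, pinned exactly (add --hash lines for full pinning)
jsonschema==4.23.0
"""
UNPINNED_SAMPLE = """\
jsonschema>=4
referencing
"""

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s#;]+)")


def parse_pinned(requirements_text):
    """Return {distribution: version} for lines pinned with '=='.
    Raise ValueError naming every dependency line that is not exactly pinned,
    so an unpinned spec cannot slip through to an installer."""
    pinned, unpinned = {}, []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    if unpinned:
        raise ValueError("unpinned dependencies: " + ", ".join(unpinned))
    return pinned


def check_installed(pinned, import_names=None):
    """For each pinned distribution report 'ok', 'missing', 'present, version
    unknown', or a version mismatch. Never installs anything.
    import_names maps a distribution name to its import name when they differ."""
    import_names = import_names or {}
    report = {}
    for dist, want in pinned.items():
        module = import_names.get(dist, dist.replace("-", "_"))
        if importlib.util.find_spec(module) is None:
            report[dist] = "missing"
            continue
        try:
            have = importlib.metadata.version(dist)
        except importlib.metadata.PackageNotFoundError:
            # Importable but not an installed distribution (e.g. stdlib).
            report[dist] = "present, version unknown"
            continue
        report[dist] = "ok" if have == want else f"version mismatch: installed {have}, pinned {want}"
    return report


def install_command(requirements_path="requirements.txt"):
    """The command to show the operator instead of running it automatically."""
    return f"pip install --require-hashes -r {requirements_path}"


if __name__ == "__main__":
    pins = parse_pinned(PINNED_SAMPLE)
    report = check_installed(pins)
    print(report)
    if any(v != "ok" for v in report.values()):
        print("validator dependencies not satisfied; run:", install_command())
    try:
        parse_pinned(UNPINNED_SAMPLE)
    except ValueError as err:
        print("rejected:", err)
```

Wiring this in front of the validator means a fresh machine gets a precise "install these pinned packages" message and a non-zero exit rather than an unannounced download, and a drifted environment is reported as a version mismatch instead of being silently used.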