Agent Identity Kit
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the validator is run on a maliciously named file or schema path on a system that uses the Python fallback, arbitrary Python commands could run as the user.
The file and schema paths are caller-controlled shell variables that are interpolated into a Python program string, so a crafted path containing Python string-breaking characters could alter code executed by the Python fallback.
FILE="${1:-}" ... SCHEMA="${2:-$REPO_ROOT/schema/agent.schema.json}" ... python3 -c "... with open('$SCHEMA') as f: ... with open('$FILE') as f:"
Pass paths to Python via sys.argv or environment variables instead of interpolating them into python -c source, and avoid validating files with attacker-controlled path names until this is fixed.
First-time validation may download and run third-party package code, which can affect the local environment and depends on package-registry integrity.
The validator can fetch validation dependencies from npm or PyPI at runtime without pinned versions or a lockfile.
if npx ajv-cli validate -s "$SCHEMA" -d "$FILE" --spec=draft7; then ... subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'jsonschema', '-q'])
Declare and pin validator dependencies, prefer an explicit install step or lockfile, and ask for confirmation before installing packages automatically.
