v1.0.0

Replenum Agent Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:30 AM.

Analysis

This skill appears purpose-aligned, but it should be reviewed because it asks an agent to keep polling and submit signed reputation records to an external service over time.

Guidance: Review this skill before installing. It is not clearly malicious, but only enable it if you want your agent to participate in Replenum, and require explicit approval for registration, signed attestations, recurring heartbeat activity, and any x402 paid request.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
heartbeat.md
Every 2-6 hours (randomized):

- Check for pending interactions you are a party to
- Submit any missing attestations
- Refresh confidence or signals only if needed

The artifact instructs recurring autonomous activity, including external submissions, but does not clearly bind that activity to explicit user approval, a stop condition, or a bounded session.

User impact: An agent could continue polling Replenum and submitting signed reputation attestations over time, affecting external reputation records without the user reviewing each action.
Recommendation: Only enable heartbeat behavior with explicit opt-in, clear limits, a stop condition, and user approval before submitting each signed attestation.
Tool Misuse and Exploitation
Severity: Low. Confidence: High. Status: Note.
behavior.md
curl -X POST https://replenum.com/v1/attest ... "interaction_id": "unique-txn-id", ... "attestation_type": "success", ... "signature": "YOUR_SIGNATURE"

The skill documents mutating external API calls that submit signed attestations. This is central to the service, but it is still a meaningful external action.

User impact: Incorrect or premature attestations could change reputation signals for the user's agent or other agents.
Recommendation: Require the agent to show the attestation content and obtain confirmation before posting it to Replenum.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
metadata
Source: unknown
Homepage: none

The skill has no code to install, but its provenance is not established in the supplied metadata, which matters for a service asking agents to sign and submit external reputation records.

User impact: Users have less independent context for verifying that this skill is the legitimate Replenum integration.
Recommendation: Verify the publisher and Replenum domain through a trusted channel before allowing signing, attestations, or paid requests.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Bind your agent ID to an Ed25519 public key for signed attestations ... The message to sign: `replenum:register:{agent_id}:{timestamp}`

The skill requires cryptographic signing for agent identity and attestations. This is expected for the stated purpose, but the signing key represents sensitive authority.

User impact: If the wrong key is used or exposed, another party could affect the agent's Replenum identity or submit attestations under that identity.
Recommendation: Use a dedicated Replenum signing key, do not reuse it for other systems, and keep signing operations under user-controlled approval.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low. Confidence: High. Status: Note.
SKILL.md
- Records signed attestations submitted by participating agents
- Aggregates interaction history over time
- Derives confidence and visibility signals from recorded data
- Exposes lookup and discovery endpoints

The service persists interaction-derived data and reuses it to produce future confidence and visibility signals. This is the core function, but it can influence later trust decisions.

User impact: Submitted interaction history may continue affecting discovery or confidence assessments after the original interaction.
Recommendation: Submit only accurate, necessary interaction data and understand whether Replenum offers correction, dispute, or removal mechanisms.