Super Agent Skills
PassAudited by ClawScan on May 10, 2026.
Overview
This is a broad checklist-style skill that names powerful developer and cloud tools but includes no code, install script, or hidden execution behavior.
This skill is best understood as a broad DevOps/security automation checklist. It does not install code or request credentials by itself, but it may encourage the agent to use powerful tools already available on your machine or in your cloud accounts. Approve real system changes explicitly, especially deployments, database operations, scheduled jobs, and credential-backed API calls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses these examples on a real project or cluster, it could change running services or deployments.
The skill documents deployment and infrastructure-changing commands. They are aligned with the stated DevOps purpose, but can affect real systems if run without user review.
docker build -t myapp . docker run -d myapp kubectl apply -f deployment.yaml
Treat these as reference examples and require explicit user approval before running mutating deployment, database, or cloud commands.
Commands or scripts run by the agent could modify files, install software, or affect the local environment.
The skill tells the agent about local code and shell execution tools. This is expected for a general automation/DevOps skill, but those tools can run arbitrary local commands.
### 4. Code Execution - **Tools**: python, node, bash
Review requested commands before execution, especially when they write files, install dependencies, or run scripts from a project or the internet.
Scheduled jobs can continue or run later, so users may forget that an agent-created task exists.
The skill includes scheduling tools, which can create actions that run after the immediate interaction. The provided example is a short reminder and is disclosed.
### 3. Scheduled Tasks - **Tools**: at, cron, schedule - **Use case**: Delayed execution, reminders
Only allow scheduled tasks with a clear time, command, and cancellation plan; inspect or remove scheduled jobs after use.
If the agent later uses cloud or API credentials, it may act with the privileges of those credentials.
The skill discusses authentication and API key management. This is expected for cloud/API integrations, and the artifacts do not show hardcoded secrets, token capture, or credential forwarding.
### 13. Authentication - OAuth2, JWT, API Key management - Secret storage via environment variables
Use least-privilege credentials, avoid sharing unnecessary tokens, and confirm account-changing actions before execution.