v0.11.5

Coherence Network

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This is a coherent public Coherence Network integration, but it gives the agent a federation inbox/command channel and broad external write, payout, and task-execution capabilities that should be reviewed before enabling.

Guidance: Install only if you want your agent to interact with Coherence Network. Start read-only, do not provide an API key until you need write actions, treat federation inbox messages and `cc cmd` content as untrusted, explicitly approve any stake/vote/fork/distribution/task action, and verify the npm/MCP packages before installing them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Check the inbox before any other work ... Start of every session (in order): 1. `cc inbox` ... If the inbox has messages, surface them to the user and confirm before acting on them.

This instructs the agent to prioritize remote inbox content at session start before the user's immediate task. The confirmation step helps, but the remote inbox can still steer the agent's agenda.

User impact: Remote messages could distract or redirect the agent unless the user carefully reviews and rejects unwanted actions.
Recommendation: Treat inbox content as untrusted, keep explicit user confirmation mandatory, and consider polling the inbox only when the user asks for federation messages.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
references/api-endpoints.md
`POST /api/distributions` — `Trigger value distribution`; `POST /api/agent/tasks/{id}/execute` — `Execute task`; `POST /api/agent/tasks/pickup-and-execute` — `Pick up and execute`

The endpoint reference exposes state-changing operations affecting value distribution and agent tasks, with limited approval, rollback, or containment guidance in the artifacts.

User impact: An agent could create or alter public network records, trigger payout-like distribution workflows, or execute network tasks if these endpoints are used carelessly.
Recommendation: Use read-only operations by default and require explicit approval for every POST/PATCH action, especially staking, voting, distribution, federation, and task-execution calls.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
references/mcp-server.md
`npx coherence-mcp-server` ... `npm i -g coherence-mcp-server` ... Add to `~/.claude/settings.json` or project `.claude/settings.json`

The MCP setup relies on unpinned npm package execution and modifies agent configuration. This is disclosed and purpose-aligned, but the package code is not included in the reviewed artifacts.

User impact: Installing or running the MCP server expands the agent's tool surface and requires trusting an external npm package.
Recommendation: Install only from a verified package source, consider pinning versions, and avoid enabling the MCP server unless you need those tools.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
`COHERENCE_API_KEY`: "API key for write operations" ... `cc identity link github <your-github-handle>` ... "Your GitHub handle becomes your persistent identity across all sessions and nodes."

The skill discloses optional write credentials and persistent identity linking. This is expected for attribution and write operations, but users should understand the privilege and identity implications.

User impact: Providing an API key or linking a GitHub handle can attach actions to your identity and enable write operations on the service.
Recommendation: Do not provide an API key or link identity unless needed; use the least-privileged key available and revoke it when no longer required.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Any node can send traffic with `cc msg` or structured `cc cmd`; the recipient sees it on the next inbox poll.

The artifact describes an agent-to-agent message and structured-command channel, but does not define sender verification, trust boundaries, or permissions for messages from arbitrary nodes.

User impact: Other federation nodes may send instructions or data to your agent, creating a path for untrusted external influence.
Recommendation: Verify sender identity, do not execute `cc cmd` content automatically, and restrict or disable federation messaging unless needed.