Agent Harness
Security checks across malware telemetry and agentic risk
Overview
The skill’s goal is coherent, but it can launch persistent coding sub-agents and includes an undeclared payment module with a hard-coded API key, so it should be reviewed before use.
Install only if you intentionally want an ACP agent-harness manager. Before use, confirm the target coding agent, files, workspace, timeout, and whether a persistent session is needed. Verify the SkillPay/payment behavior independently, and do not send secrets or sensitive files to external agents.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated coding agent could read or modify project files, consume tokens, or continue work in a way the user did not fully intend.
The skill instructs the agent to spawn coding-agent sessions for code-modification tasks. That is purpose-aligned, but the artifacts do not specify approval gates, workspace limits, or review requirements before delegating changes.
sessions_spawn --runtime acp --agentId claude-code --task "Refactor the payment.py module" --mode session --thread
Use only after explicit user confirmation of the target agent, task, workspace, files, timeout, and expected output. Review diffs before applying changes.
Long-lived sub-agents may keep context and continue consuming resources or acting after the immediate task is complete.
The skill explicitly supports persistent, thread-bound sessions for long-running work. It mentions cleanup, but does not define default time limits or automatic termination.
Thread-bound sessions: suited to long-term projects, preserves context
Prefer one-shot runs for simple tasks, set timeouts where possible, list active sessions regularly, and terminate sessions that are no longer needed.
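The two items above (unreviewed delegation, and persistent sessions with no default limit) both come down to a pre-flight gate the harness does not define. The check below is an added example written for this review, not code from the skill or from ClawScan: it models a delegation request with the fields the report says must be confirmed, refuses it unless the user has confirmed, the agent is allow-listed, every attached file stays inside the confirmed workspace, a bounded timeout is set, and a persistent session comes with a stated reason. The agent allow-list, the 30-minute ceiling, the list of secret-looking filenames and the `Delegation` shape are assumptions; `sessions_spawn` is never invoked.

```python
"""Pre-flight gate for delegating work to a coding sub-agent (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from pathlib import Path

# Hypothetical policy values; tune these to the deployment.
ALLOWED_AGENTS = {"claude-code", "codex", "gemini-cli"}
MAX_TIMEOUT_S = 30 * 60                      # hard ceiling, even for session mode
SENSITIVE_NAMES = {".env", "id_rsa", "id_ed25519", "credentials.json"}


@dataclass
class Delegation:
    """The fields the report says must be confirmed before spawning."""
    agent_id: str
    task: str
    workspace: str
    files: list[str] = field(default_factory=list)
    timeout_s: int | None = None
    mode: str = "oneshot"                     # "oneshot" or "session"
    persistent_reason: str = ""               # required when mode == "session"


def check_delegation(req: Delegation, user_confirmed: bool) -> list[str]:
    """Return every reason the delegation must be refused; an empty list means go."""
    problems: list[str] = []

    if not user_confirmed:
        problems.append("no explicit user confirmation of agent/task/workspace/files/timeout")
    if req.agent_id not in ALLOWED_AGENTS:
        problems.append(f"agent {req.agent_id!r} is not on the allow-list")
    if not req.task.strip():
        problems.append("empty task")

    # Workspace containment: resolve each attachment and reject anything that
    # escapes the confirmed workspace (../ traversal, absolute paths) or that
    # looks like a credential file.
    ws = Path(req.workspace).resolve()
    for f in req.files:
        p = (ws / f).resolve()
        if not p.is_relative_to(ws):
            problems.append(f"file {f!r} escapes workspace {ws}")
        if p.name in SENSITIVE_NAMES:
            problems.append(f"file {f!r} looks like a secret and must not be attached")

    # Resource bound: a sub-agent with no timeout can consume tokens indefinitely.
    if req.timeout_s is None:
        problems.append("no timeout set")
    elif req.timeout_s <= 0 or req.timeout_s > MAX_TIMEOUT_S:
        problems.append(f"timeout {req.timeout_s}s outside (0, {MAX_TIMEOUT_S}]")

    # Persistence must be justified; default to one-shot runs.
    if req.mode == "session":
        if not req.persistent_reason.strip():
            problems.append("persistent session requested without a stated reason; prefer oneshot")
    elif req.mode != "oneshot":
        problems.append(f"unknown mode {req.mode!r}")

    return problems


if __name__ == "__main__":
    req = Delegation("claude-code", "Refactor the payment.py module", "/tmp/proj",
                     files=["payment.py", "../.env"], timeout_s=None, mode="session")
    for reason in check_delegation(req, user_confirmed=False):
        print("REFUSE:", reason)
```

A harness would call `check_delegation` immediately before `sessions_spawn` and abort on a non-empty list; pairing it with a periodic listing of live sessions and termination of any past its timeout covers the cleanup the skill mentions but does not enforce.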
If the payment helper is executed, payment and account boundaries are unclear, because the skill uses a bundled credential rather than a user-declared or transparently scoped one.
The payment helper embeds a bearer-style API key and uses it for SkillPay verification and balance requests, while the registry declares no credentials or environment variables.
SKILLPAY_API_KEY = "sk_f03aa8f8...451eb1d2"
Do not embed API secrets in distributed skill files. Use a server-side payment flow or declared user configuration, and clearly document which account is checked or charged.
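The finding above is exactly the kind of mismatch a static pre-install check can catch: a secret-looking literal in a helper file with no matching declaration in the registry manifest. The scanner below is an added example for this review, not ClawScan's scan logic or any code from the skill. The helper source, the `sk_`-style token value and the manifest fields (`env`, `credentials`) are constructed for the example; real registries may name those fields differently.

```python
"""Flag hard-coded API keys that the skill manifest does not declare (added example)."""
import re

# Constructed sample: a payment helper with an embedded bearer-style key (the value
# is made up) and a registry manifest that declares no credentials at all.
HELPER_SRC = '''
SKILLPAY_BASE = "https://skillpay.example/api"
SKILLPAY_API_KEY = "sk_0123456789abcdef0123456789abcdef"

def verify(order_id):
    return get(f"{SKILLPAY_BASE}/verify/{order_id}",
               headers={"Authorization": f"Bearer {SKILLPAY_API_KEY}"})
'''
MANIFEST = {"name": "agent-harness", "env": [], "credentials": []}

# Detector 1: a secret-looking variable name assigned a long string literal.
ASSIGN_RE = re.compile(
    r'(?P<name>[A-Z0-9_]*(?:KEY|TOKEN|SECRET)[A-Z0-9_]*)\s*=\s*["\'](?P<value>[^"\']{12,})["\']'
)
# Detector 2: a bare vendor-style token (sk_/pk_/rk_ prefix) anywhere in the text.
TOKEN_RE = re.compile(r'\b(?:sk|pk|rk)_[A-Za-z0-9]{16,}\b')


def redact(value: str) -> str:
    """Keep enough of the value to correlate findings without reprinting the secret."""
    return value if len(value) <= 12 else f"{value[:6]}...{value[-4:]}"


def find_embedded_secrets(src: str, manifest: dict) -> list[dict]:
    """Return one finding per distinct secret value, marking whether it is declared."""
    declared = set(manifest.get("env", [])) | set(manifest.get("credentials", []))
    findings, seen = [], set()

    for m in ASSIGN_RE.finditer(src):
        seen.add(m["value"])
        findings.append({
            "name": m["name"],
            "value": redact(m["value"]),
            "declared": m["name"] in declared,
            "line": src.count("\n", 0, m.start()) + 1,
        })

    # Catch tokens pasted without an obvious variable name; skip values already seen.
    for m in TOKEN_RE.finditer(src):
        if m.group(0) in seen:
            continue
        seen.add(m.group(0))
        findings.append({
            "name": None,
            "value": redact(m.group(0)),
            "declared": False,
            "line": src.count("\n", 0, m.start()) + 1,
        })
    return findings


def undeclared_secret_names(src: str, manifest: dict) -> list[str]:
    """Names that are embedded but absent from the manifest: the report's finding."""
    return [f["name"] or "<unnamed token>" for f in find_embedded_secrets(src, manifest)
            if not f["declared"]]


if __name__ == "__main__":
    for f in find_embedded_secrets(HELPER_SRC, MANIFEST):
        print(f"line {f['line']}: {f['name']} = {f['value']} declared={f['declared']}")
```

Running this over a skill's bundled files before install reproduces the review's conclusion: any finding with `declared=False` means the skill will authenticate to a third party with an account the user never configured, and the install should be refused until the credential is moved to declared user configuration or a server-side flow.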
Secrets, private code, or bad instructions placed into a session may be reused in later interactions.
Persistent sessions intentionally retain context across turns. This is disclosed and aligned with the skill, but retained context can include sensitive or misleading information.
mode=session: persistent session, suited to multi-turn conversations, preserves context
Avoid placing secrets in sessions, keep tasks narrowly scoped, and clear or terminate sessions after use.
Code, prompts, and attached file contents may be processed by external or separately configured agents.
The skill sends tasks, and optionally file attachments, to other coding agents/providers. This is core to the stated purpose, but users should understand the data boundary.
Unified interface for calling AI coding assistants such as Claude Code, Codex and Gemini CLI
Send only necessary files, confirm which provider/agent will receive the task, and avoid attaching secrets or private data unless the provider is trusted.
