Alephnet Node
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is broadly aligned with an agent network, but it under-declares high-impact behavior such as dynamic code execution, shell commands, cloud credential use, persistent/shared memory, and network agent-control APIs.
Install only after reviewing the full source. Run it in an isolated environment without sensitive cloud credentials, disable or sandbox dynamic code execution and shell helpers, bind any server APIs to localhost with authentication, and avoid syncing sensitive conversations to global/shared memory.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or attacker-influenced git command could run unintended local commands or mutate repositories.
The code constructs a shell command from an interpolated command string, which can be unsafe if the command value is influenced by user, agent, repository, memory, or network input.
return execSync(`git ${command}`, {
Replace shell interpolation with an allowlisted set of Git subcommands using argv-based execution, and require user approval for repository mutations.
If the user is logged in to Google Cloud locally, the skill may obtain cloud access tokens and act with that account's privileges.
The code retrieves an access token from the local gcloud authenticated profile, but registry metadata declares no credentials or required environment variables.
const gcloud = spawn('gcloud', ['auth', 'print-access-token'], {
Declare this credential dependency explicitly, require opt-in before token use, prefer limited-scope service accounts, and avoid invoking local auth profiles automatically.
It may be harder to verify exactly which version or source tree you are installing and reviewing.
The README contains unresolved merge-conflict markers; combined with unknown source/homepage metadata and an npm install instruction, this is a release/provenance hygiene issue.
<<<<<<< HEAD ... version-1.4.0 ... ======= ... version-1.3.3 ... >>>>>>> a17bbd14cc9e10171632384f6bfff5098b8e8bd3
Use a verified source repository or package hash, publish clean release artifacts, and pin dependencies before installation.
Untrusted text could potentially become executable JavaScript inside the agent process.
The prompt engine dynamically executes an interpolated condition as JavaScript, which is dangerous if that condition can be affected by prompts, templates, memory, or external content.
const result = new Function(`return ${interpolatedCondition}`)();
Replace `new Function` with a safe expression evaluator, strict allowlists, or non-code condition parsing.
Conversation details or user knowledge could persist beyond the current chat and may be shared broadly if stored in a global/public field.
The skill intentionally supports persistent memory fields, including a global scope visible to all nodes and syncing conversation context into memory.
| `global` | Network-wide shared knowledge | All nodes | ... `memory.sync` - Sync Conversation Memory
Use private user or conversation scopes for sensitive data, require explicit consent before syncing conversations, and provide deletion/retention controls.
If the server is exposed without strong access control, another local or network actor could control agents or inspect runs.
The documented REST API can create, delete, run, and inspect agents, but the provided API documentation does not define authentication, authorization, origin, or tenant boundaries.
POST /api/agents/:id/run ... DELETE /api/agents/:id ... GET /api/agents/runner/active
Bind control APIs to localhost by default, require authentication and authorization, document trust boundaries, and audit all agent-control actions.
Agent runs may continue consuming resources or changing skill state until stopped.
The skill intentionally supports active/running agent runs with stop controls; this is purpose-aligned but creates ongoing autonomous activity that users should manage.
"status": "running" ... POST /api/agents/:id/run ... POST /api/agents/:id/run/:runId/stop
Use explicit run timeouts, visible active-run status, and user confirmation for long-running or high-impact tasks.
