Pluribus
Review
Audited by ClawScan on May 10, 2026.
Overview
Pluribus is coherent as a peer-coordination skill, but its docs tell users to fetch and run an unreviewed external CLI that is not included in the submitted artifact.
Review or pin the external GitHub CLI before installing, because the executable used for real Pluribus operations is not included in the submitted artifact. If you proceed, treat Moltbook DMs as external sharing, avoid putting secrets in signals/offers/needs/outbox, and manually verify peers before trusting or promoting their content to memory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could end up running code that was not part of this registry submission and not covered by the static scan.
The submitted manifest does not include the top-level `pluribus` executable that these instructions make executable, add to PATH, and run. The core runtime would therefore come from an unpinned external GitHub clone rather than the reviewed artifact.
git clone https://github.com/tanchunsiong/pluribus.git "$WORKSPACE/skills/pluribus"
chmod +x "$WORKSPACE/skills/pluribus/pluribus"
export PATH="$WORKSPACE/skills/pluribus:$PATH"
pluribus init
Only install from a reviewed, pinned release that includes the actual CLI, or inspect the external repository before adding it to PATH and running it.
The skill may read your local Moltbook profile to identify the node it creates.
The init script reads a local Moltbook credential/profile file to derive the agent name. The reviewed code only extracts `agent_name`, but it still touches a credential-named local config file that is not declared in registry requirements.
AGENT_NAME=$(cat ~/.config/moltbook/credentials.json 2>/dev/null | jq -r '.agent_name // empty')
Check the Moltbook credentials file contents and prefer a version that clearly documents this access and limits it to non-secret identity fields.
Signals, offers, needs, and node details may be sent to other agents or through Moltbook when sync features are used.
The skill is explicitly designed to exchange outbox and signal data with peers over Moltbook DMs. This is purpose-aligned, but users should treat shared signals as data leaving the local workspace.
Pull signals from peers, push your outbox:
```bash
pluribus sync
```
Uses Moltbook DMs as transport (Phase 1).
Do not place secrets or private user data in signals, offers, needs, or outbox files; verify peers before syncing.
Bad or misleading peer signals could persist in local memory and be reused later.
Peer-provided signals can be stored locally and promoted into curated memory. The docs describe manual curation, so this is purpose-aligned, but untrusted peer content could influence future agent decisions if promoted carelessly.
signals.md    # Observations from the hive (incoming)
memory.md     # Collective knowledge (curated)
...
pluribus promote <signal>    # Move signal to memory.md
Review signal sources before promoting them to memory, and keep clear provenance/trust labels for peer-provided content.
