v0.1.0

Failure Registry

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:42 AM.

Analysis

This is mostly a registry search helper, but it can fetch unvetted community entries and includes advice for bypassing platform bot-detection, so review it carefully before use.

GuidanceInstall only if you are comfortable with the agent reading unpinned community registry content from GitHub. Treat entries as unverified advice, especially anything involving credentials, public posting, browser automation, or bypassing platform controls.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

examples/belial-puppeteer-detection.yaml

fix: "Switched from 'puppeteer' to 'puppeteer-extra' with StealthPlugin... Added --disable-blink-features=AutomationControlled" ... prevention: "Always use puppeteer-extra + StealthPlugin for any platform that might detect automation"

This entry presents bypassing platform automation detection as the recommended fix and prevention strategy for automated posting.

User impactAn agent using this registry could adopt anti-detection browser automation techniques against external platforms rather than treating the entry as an untrusted anecdote.

RecommendationRequire human review before applying registry fixes that affect third-party platforms, credentials, posting, scraping, or anti-abuse controls.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

scripts/search-registry.sh

REPO_URL="https://github.com/unleashedbelial/agent-failure-registry" ... git pull origin main ... || git clone "$REPO_URL" "$REPO_DIR"

The script fetches the latest registry data from an unpinned external GitHub repository at runtime.

User impactSearch results can change after installation based on the remote repository, so the agent may read content that was not part of the reviewed package.

RecommendationTreat fetched registry entries as untrusted external content; prefer pinning a trusted revision or reviewing the upstream repository before relying on its results.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

The registry contains post-mortems from `examples/` (curated) and `submissions/` (community).

The skill is designed to surface community-authored post-mortems as lessons and fixes for the agent to consider.

User impactCommunity entries could contain incorrect, manipulative, or unsafe advice that an agent might over-trust during debugging.

RecommendationUse registry output as reference material only, and verify proposed fixes before letting an agent change code, credentials, account behavior, or public-facing automation.