Dragnet

Review

Audited by ClawScan on May 10, 2026.

Overview

Dragnet is mostly transparent and local, but it scans private workspace history and overstates its “verified” signature because the signing key is hardcoded in the skill.

Install or run this only if you intentionally want a public Dragnet marketplace profile. Review every generated field and the final dragnet-profile.json before uploading, because the source material may include private memory or conversations. Do not rely on the included signature as strong proof of identity or expertise.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or marketplace visitor could over-trust the generated profile as independently verified when the signature does not strongly prove identity or expertise.

Why it was flagged

The skill presents the output as verified proof, but the included signer hardcodes the HMAC key (`const KEY = "dn-validation-key-alpha-2025";`), so anyone with the skill can generate signatures. That makes the authenticity/proof claim overbroad.

Skill content
Signs it with HMAC-SHA-256 so Dragnet can verify authenticity
Recommendation

Treat the signature as a formatting/checksum mechanism, not proof of authenticity. Dragnet should use server-side verification, per-user keys, or another attestation mechanism.

What this means

The generated public profile could accidentally summarize or reveal private workspace details if the draft is not carefully reviewed.

Why it was flagged

These sources can contain personal details, private conversations, memory, and agent configuration. The skill does disclose this and says not to include raw private data, but the scan scope is sensitive.

Skill content
Scans your OpenClaw workspace — SOUL.md, AGENTS.md, USER.md, MEMORY.md, conversation exports, installed skills, and agent configs
Recommendation

Run it only in the workspace you intend to profile, review the draft and final JSON carefully, and remove any private names, locations, projects, secrets, or conversation details before uploading.

What this means

A malicious or unusual local file could influence the generated draft profile or steer the agent away from the intended extraction task.

Why it was flagged

The skill asks the agent to read instruction-like files and prior conversation content. It does not explicitly say to treat embedded instructions as data only, though the final profile is user-reviewed.

Skill content
`skills/*/SKILL.md` | Installed/authored skills ... Conversation exports (if any `*.json` exports exist in workspace)
Recommendation

When using this skill, the agent should extract facts only and ignore commands or instructions found inside scanned workspace files.

What this means

The skill may fail or require an undeclared local runtime before it can sign the profile.

Why it was flagged

The documented workflow requires a Node runtime, while the registry requirements list no required binaries. This is an under-declared operational dependency, not evidence of malicious installation behavior.

Skill content
node <skill-dir>/scripts/sign-profile.mjs /tmp/dragnet-unsigned.json ./dragnet-profile.json
Recommendation

Confirm Node is available and expected before running the signing step; the skill metadata should declare Node as a requirement.