v1.0.0

Ainative Agent Framework

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:08 AM.

Analysis

The skill matches its AINative multi-agent purpose, but it teaches delegated agent swarms and remote memory/feedback flows without clear approval, retention, or permission boundaries.

GuidanceReview before installing if you do not intentionally want multi-agent delegation. If you use it, verify any referenced local scripts, use scoped tokens, require confirmation before delegated agents modify code or inspect deployments, and avoid sending secrets or sensitive project data to memory or feedback endpoints.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

def dispatch(task: str):
    agent_id = route_task(task)
    subprocess.run(["openclaw", "agent", "--agent", agent_id, "--message", task])

The skill routes arbitrary task text to other OpenClaw agents through a CLI subprocess. This is central to the stated purpose, but the artifacts do not specify approval, scoping, or containment for delegated tasks that may change code or inspect environments.

User impactAnother agent could be asked to perform work on the user's project or environment without the skill defining clear safety checks.

RecommendationUse explicit user confirmation before delegating implementation, deployment, or environment-inspection tasks, and restrict delegated agents to the intended workspace and permissions.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

python3 scripts/cody_openclaw.py dispatch --agent aurora --task "Run test suite for billing module"

The skill references local helper scripts and configuration files, but the provided artifact set contains only SKILL.md. This is not suspicious by itself, because the commands are user-directed examples, but users should verify those local helpers before running them.

User impactRunning an unreviewed local helper script could perform actions not visible in the skill artifact.

RecommendationInspect scripts/cody_openclaw.py and related local configuration before using the documented helper commands.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

headers={"X-API-Key": self.api_key}

The skill requires AINative API-key style authentication in its examples, and also references a gateway token, while the registry metadata declares no required credentials. The credential use is purpose-aligned, but users should notice the privilege boundary.

User impactA broadly scoped API key or gateway token could allow more access than intended if reused across agents or examples.

RecommendationUse least-privilege, revocable keys or tokens and avoid embedding real secrets directly in scripts or prompts.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

requests.post(
    "https://api.ainative.studio/api/v1/public/memory/v2/remember",
    headers={"X-API-Key": self.api_key},
    json={"content": fact, "memory_type": "episodic"}
)

The skill shows storing arbitrary facts in an external persistent memory service and later recalling them, but it does not define retention, deletion, namespaces, sensitivity limits, or how recalled content should be trusted.

User impactPrivate task details, code context, or user preferences could be stored and reused later if the user or agent follows this pattern.

RecommendationOnly store explicitly approved, non-sensitive memories; add retention/deletion guidance and treat recalled memory as untrusted context that must not override current user instructions.

Insecure Inter-Agent Communication

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

openclaw acp --session agent:main:main --token YOUR_GATEWAY_TOKEN

The skill instructs connecting to an ACP agent session with a gateway token and also describes agent-to-agent communication, but it does not describe agent identity checks, permission boundaries, or what task data may be shared across agents.

User impactTask context may move between agents or gateway sessions without clear boundaries about who receives it or what they are allowed to do.

RecommendationUse scoped gateway tokens, verify agent identities and destinations, and define what information may be shared before enabling ACP or multi-agent routing.