AdvisoryAudited by Static analysis on May 10, 2026.
Detected: suspicious.autonomous_credential_egress, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal (+1 more)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may modify local files and contact remote sources even for simple AgentScope questions.
This directs the agent to perform network and filesystem operations before the user's actual task, without a clear per-use approval boundary.
**CRITICAL**: Before doing anything else, clone or update the AgentScope repository. ... # Clone into this skill directory so that you can refer to it across different sessions
Do not clone or update automatically. Ask the user first, use a user-approved project or temporary directory, and avoid modifying the installed skill directory.
Future repository changes could change the material the agent relies on, and potentially the code a user is encouraged to run.
The skill asks for an external repository update, but the visible instruction does not show a pinned commit, verified source, or install specification.
clone or update the AgentScope repository
Pin repository references to a reviewed commit or release, document the source clearly, and avoid automatic updates.
Downloaded or updated content can remain available to later sessions and may affect later answers.
This explicitly creates persistent local state in the skill directory across sessions, with no visible cleanup or retention controls.
Clone into this skill directory so that you can refer to it across different sessions
Store reference material outside the skill install path, make persistence optional, and document how to remove it.
If a user runs the example, the created agent may execute local code or shell commands.
The sample shows how to give an AgentScope ReAct agent Python and shell execution tools. This is purpose-aligned framework documentation, but powerful if copied and run.
toolkit.register_tool_function(execute_python_code) ... toolkit.register_tool_function(execute_shell_command)
Run such examples only in a sandbox or test environment and do not expose shell/code tools to untrusted prompts.
Users who run examples may need to provide provider API credentials.
The examples use model-provider API keys from environment variables, which is expected for AgentScope model integrations and not shown leaking elsewhere.
api_key=os.getenv("DASHSCOPE_API_KEY")Use least-privilege API keys, keep them in environment variables or a secrets manager, and avoid sharing logs that include credentials.