v1.0.0
Ping Beads
Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.
Analysis
This is a narrow local health-check skill with no credentials, install script, or code, though its documented command is not clearly declared as a required binary.
Guidance
This skill looks safe for its stated purpose of checking a local daemon. The main thing to verify is that the `ping-beads` command exists and comes from the trusted beads system, since the metadata only declares `bd` as required.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Abnormal behavior control
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Agentic Supply Chain Vulnerabilities
Severity: Info
Confidence: High
Status: Note
SKILL.md
requires": { "bins": ["bd"] } ... # Check if the bead daemon is alive ... ping-beads
The skill declares `bd` as the required binary but documents running `ping-beads`; because no code or install spec is provided, the actual source of that command is not explained in the artifacts.
User impact
The skill appears low-risk, but it may fail or run an unexpected local executable if `ping-beads` is not the trusted command the user intended.
Recommendation
Before using it, confirm that `ping-beads` is an expected, trusted command from the beads system, or update the skill metadata to declare the correct required binary.
