Dessix Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is transparent and local, but it gives the agent broad ability to invoke Dessix bridge tools that can change or delete workspace content without strong approval boundaries.
Install only if you want an agent to read and potentially modify your Dessix workspace. Keep initial use read-only, require explicit confirmation before writes or deletes, and review block IDs and result counts before allowing changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could update or create Dessix workspace content, and the documented tool reference also includes delete/restore operations.
The skill explicitly documents workspace/block write operations and only requires validation before escalation, not a clear human approval gate or tool whitelist.
node scripts/dessix-bridge.mjs invoke --tool dessix_update_block --args '{"block_id":"<BLOCK_ID>","patch":{"title":"<UPDATED>","content":"<UPDATED>"}}' ... Run read-only workflows first; escalate to writes only after validating `block_id` and result counts.Use read-only commands by default and require explicit user confirmation before any create, update, delete, or workspace-changing invocation.
The agent may be able to access the same Dessix workspace data and permissions available to the running desktop app.
The skill relies on the running local Dessix app bridge, so actions are likely performed with the privileges and workspace access of that local app session.
Start Dessix desktop app first. The bridge is served by the Electron app process. ... If `DESSIX_MCP_BRIDGE_ENDPOINT` is unset, this bridge client uses platform endpoint defaults
Only enable this skill for agents you trust with your Dessix workspace, and ensure the bridge endpoint points to the intended local Dessix instance.
Workspace blocks could influence the agent's behavior if treated as trusted instructions, and may expose private workspace content to the agent context.
The skill is designed to retrieve stored Action/Scene prompt content from the local workspace, which may contain instructions or sensitive context that the agent could reuse.
Read a Skill prompt from an Action/Scene block ... dessix_get_skill --args '{"block_id":"<BLOCK_ID>"}'Treat retrieved Dessix block and skill content as untrusted user data unless you intentionally want the agent to follow it.