Agent Toolkit
PassAudited by ClawScan on May 1, 2026.
Overview
The visible artifacts describe a local logging toolkit for agent workflows; the main thing to notice is that it persistently stores whatever is logged in plaintext files on the user’s machine.
This skill appears safe for local tracking of agent-tool experiments, benchmarks, prompts, and costs. Before installing, understand that it creates persistent plaintext files under ~/.local/share/agent-toolkit/ and can export those records; do not log secrets or confidential data, and verify the local script/command setup because no install spec is declared.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user or agent logs secrets, sensitive prompts, internal configuration details, or cost information, those records may remain readable on the local machine and in exported files.
The skill intentionally creates persistent plaintext records of agent workflow data, including prompts, configurations, costs, usage, and exports.
All data is stored in plain text files under the data directory... Default data directory: `~/.local/share/agent-toolkit/`
Avoid logging API keys, tokens, private prompts, or confidential customer/business data. Periodically review or delete the data directory and exported files.
Users may need to verify how the local command is installed or wired before relying on it.
The package includes a Bash script and documents an `agent-toolkit` command, but the registry does not declare an install mechanism or required binaries.
No install spec — this is an instruction-only skill; Code file presence: scripts/script.sh
Install only from the stated source, inspect the included script before use, and confirm that the command being run is the expected local helper.