AgentZero
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the notes that follow describe what the artifacts declare the skill will do, not behaviour observed at runtime.
If enabled, the skill can use the configured Gmail account to read Redfin alert metadata and drive listing discovery.
This is high-impact account access: the workflow depends on Gmail credentials or tokens stored locally. It is purpose-related, but sensitive enough that the user should explicitly review and constrain it.
himalaya must be configured with an IMAP/SMTP account pointing to the user's Gmail inbox. The app password or OAuth token must be stored in the system keychain or himalaya config file.
Use the narrowest Gmail credential possible, confirm himalaya is configured only as intended, and enable the email scan only via a schedule or manual command you control. Note that IMAP offers no read-only or label-scoped credential: a Gmail app password grants full mailbox access, and the OAuth scope Google requires for IMAP (https://mail.google.com/) does the same, so the practical way to narrow exposure is a dedicated mailbox that receives the Redfin alerts (for example via a forwarding filter) rather than your primary account, with the secret kept in the system keychain rather than inline in the himalaya config file.
A user may believe the browser automation never touches Gmail when the workflow actually describes opening Gmail briefly.
The same privacy section both says Gmail is not browsed and says Gmail is opened to search/click links, which could mislead users about browser session exposure.
Browser automation: the openclaw browser is used exclusively to open Redfin listing URLs ... it does NOT browse Gmail or any other site. Gmail is only opened briefly to search for and click through to the Redfin listing link
Clarify exactly when Gmail is opened, what page content is inspected, whether cookies or session data are used, and what is logged or stored. The distinction that matters for exposure is whether the automation drives a browser profile that is already signed in to Google: if so, every action the agent takes in that profile has the user's Gmail session available, and "briefly" does not bound what it can read or click there.
Listing data and search criteria may be processed by Anthropic during automatic triage.
The backend sends property details and user search profile descriptions to Anthropic Claude for triage. This is disclosed and purpose-aligned, but it means personal housing preferences leave the local app.
const CLAUDE_API_URL: &str = "https://api.anthropic.com/v1/messages"; ... Fetch all search profiles ... Build a compact prompt from the parsed property fields.
Install only if you are comfortable sending those listing and search-profile details to Anthropic. Keep the API key scoped and revocable, check where the backend reads it from (environment variable or config file) and that neither the key nor the prompts it builds are written to logs, and read the prompt-building code to confirm which fields the "compact prompt" actually includes rather than relying on that summary.
A cron job could keep scanning email/listings on a schedule after initial setup.
The skill is intended to run recurring automation. That fits a listing watcher, but persistent scheduled tasks should be explicitly approved and easy to disable.
Ask your AI to install AgentZero and set up a daily cron job
Review the cron entry, choose the schedule yourself, and remove or disable it when you no longer want automated scans. A cron job runs unattended as your user, with the same access to the himalaya credentials and the Anthropic API key as an interactive run, and it keeps running after you stop using the agent; `crontab -l` lists what is currently scheduled and `crontab -e` is where to disable or delete the entry.
Running setup may download and execute dependency code from package ecosystems.
The setup relies on shell scripts and third-party Rust/npm dependencies. This is expected for the local backend/frontend, but it introduces normal supply-chain review requirements.
scripts/run_backend.sh builds and starts the Rust/Axum backend ... scripts/run_frontend.sh runs `npm install && npm run dev` ... fetching Rust crates (cargo) and npm packages on first build.
Review the scripts and dependency files before running them, and install from a trusted checkout. Two points to check in the scripts: `npm install` resolves versions at install time and runs package lifecycle scripts, so prefer `npm ci` against a committed package-lock.json (with `--ignore-scripts` if the frontend builds without them), and build the Rust backend with `cargo build --locked` so the build fails rather than silently updating Cargo.lock. `npm run dev` starts a development server, so confirm which interface it binds to before leaving it running.
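The three notes above (the Anthropic endpoint hard-coded in the backend source, the cron setup instruction in SKILL.md, and the dependency-fetching install scripts) are all things a reviewer can check from the checkout before running anything. The following added example (not AgentZero's or ClawScan's code) performs that scan. The file locations it expects (SKILL.md, scripts/run_backend.sh, scripts/run_frontend.sh, Cargo.lock, package-lock.json) follow the excerpts quoted above; the sample checkout it builds in a temporary directory is constructed from those quotes and is an assumption about the real layout.

```python
"""Offline pre-install review of an AgentZero checkout.

Added example; not AgentZero's or ClawScan's code. It covers the three
artifact checks described in the notes above: outbound API endpoints
hard-coded in source, cron/scheduling instructions in SKILL.md, and how the
setup scripts fetch dependencies. ASSUMPTIONS: file locations follow the
quoted excerpts; write_sample_checkout() builds a constructed checkout from
those quotes for a stand-alone run.
"""
import json
import re
import sys
import tempfile
from pathlib import Path

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")
INSTALL_RE = re.compile(r"\b(npm install|npm ci|cargo (?:build|run|install)[^\n]*)")
CRON_RE = re.compile(r"\bcron(?:tab|\s*job)?\b", re.IGNORECASE)
SOURCE_SUFFIXES = {".rs", ".ts", ".tsx", ".js", ".sh", ".md", ".toml", ".json"}
SKIP_DIRS = {"node_modules", "target", ".git"}


def scan_checkout(root) -> dict:
    """Walk a checkout and report endpoints, cron mentions, install commands."""
    root = Path(root)
    endpoints: dict[str, set[str]] = {}
    report = {"cron_mentions": [], "install_commands": [], "warnings": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        if SKIP_DIRS.intersection(path.parts):
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        # Every host the code can talk to, with the files that reference it.
        for url in URL_RE.findall(text):
            host = url.split("://", 1)[1].split("/", 1)[0]
            endpoints.setdefault(host, set()).add(rel)
        # Scheduling language in the skill description.
        if path.name == "SKILL.md":
            report["cron_mentions"] += [ln.strip() for ln in text.splitlines()
                                        if CRON_RE.search(ln)]
        # Package-manager invocations in the setup scripts.
        if path.suffix == ".sh":
            for cmd in INSTALL_RE.findall(text):
                cmd = cmd.strip()
                report["install_commands"].append((rel, cmd))
                if cmd.startswith("npm install"):
                    report["warnings"].append(
                        f"{rel}: 'npm install' resolves versions at install time and "
                        "runs package lifecycle scripts; prefer 'npm ci' against "
                        "package-lock.json")
                elif cmd.startswith("cargo") and "--locked" not in cmd:
                    report["warnings"].append(
                        f"{rel}: '{cmd}' without --locked may silently update Cargo.lock")
    for lock in ("Cargo.lock", "package-lock.json"):
        if not any(root.rglob(lock)):
            report["warnings"].append(
                f"no {lock} in checkout; dependency versions are not pinned")
    report["endpoints"] = {h: sorted(files) for h, files in sorted(endpoints.items())}
    return report


def write_sample_checkout(root) -> None:
    """Write a constructed checkout mirroring the advisory's quoted artifacts."""
    root = Path(root)
    files = {
        "SKILL.md": "# AgentZero\n\nAsk your AI to install AgentZero and set up a daily cron job.\n",
        "scripts/run_backend.sh": ("#!/usr/bin/env bash\nset -euo pipefail\n"
                                   'cd "$(dirname "$0")/../backend"\n'
                                   "cargo build --release\ncargo run --release\n"),
        "scripts/run_frontend.sh": ("#!/usr/bin/env bash\nset -euo pipefail\n"
                                    'cd "$(dirname "$0")/../frontend"\n'
                                    "npm install && npm run dev\n"),
        "backend/src/main.rs": ('const CLAUDE_API_URL: &str = '
                                '"https://api.anthropic.com/v1/messages";\n\nfn main() {}\n'),
        "backend/Cargo.lock": "# constructed placeholder lockfile\n",
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def demo() -> dict:
    """Scan the constructed sample checkout in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_checkout(tmp)
        return scan_checkout(tmp)


if __name__ == "__main__":
    # Pass a checkout path to scan a real tree; with no argument, run the sample.
    result = scan_checkout(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(json.dumps(result, indent=2))
```

On the constructed sample the report lists api.anthropic.com as the only outbound host, one cron instruction in SKILL.md, an unpinned `npm install` in the frontend script, two cargo commands without `--locked`, and a missing package-lock.json; the endpoint list is the part worth re-reading on every update, since any new host that appears there is data leaving the machine.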
