三省六部
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its multi-agent dashboard purpose, but its setup can expose a dashboard on all network interfaces and depends on unreviewed external or missing implementation code.
Review the implementation source before running this skill. If you proceed, bind the dashboard to localhost unless you intentionally need remote access, add authentication, use a virtual environment for installation, and adjust audit-log retention and credential handling to match your privacy and security needs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the server honors this config, other machines on the network may be able to reach the agent dashboard, potentially exposing agent status, tasks, controls, or audit information.
The installer writes a default configuration that enables the dashboard on all network interfaces. The default block shown here does not include authentication or access-control settings.
dashboard:
  enabled: true
  host: "0.0.0.0"
  port: 8080
  refresh_interval: 5
Default the dashboard to 127.0.0.1, require authentication before binding to 0.0.0.0, and clearly document any remote-access setup.
Users may end up executing an external or preinstalled package that was never reviewed as part of this skill, so the real dashboard, audit, and agent behavior cannot be verified from the supplied files.
The generated launcher runs an edict.server module, but the supplied manifest does not include an edict Python package or server implementation. Running the skill therefore depends on code outside the reviewed artifacts.
cat > ~/.edict/start.sh << 'EOF'
#!/bin/bash
cd ~/.edict
python3 -m edict.server --config ~/.edict/config/default.yaml
EOF
Include the actual implementation in the skill package or declare and pin the external package source, version, and integrity hashes so users can review what will run.
Installing could affect other Python applications on the machine or make dependency changes outside the skill’s own directory.
The installer fetches Python packages and falls back to --break-system-packages, which can alter the user’s system Python environment. This is setup-related, but broader than a contained virtual environment.
pip install -q pyyaml requests flask prometheus-client 2>/dev/null || pip install -q --break-system-packages pyyaml requests flask prometheus-client 2>/dev/null
Use a virtual environment, pipx, or --user installs, and pin dependency versions in a lockfile.
If configured, these tokens may allow spending money, sending alerts, or accessing provider accounts depending on their scope.
The example configuration uses model-provider API keys and a Slack webhook. These are expected for model routing and alerting, but they are sensitive credentials.
openai:
  api_key: "${OPENAI_API_KEY}"
  ...
anthropic:
  api_key: "${ANTHROPIC_API_KEY}"
  ...
webhook: "${SLACK_WEBHOOK_URL}"
Use least-privilege keys, store them in a secret manager or environment variables, and avoid sharing logs or configs that contain resolved secret values.
Prompts, project details, operational events, or agent outputs could remain on disk for years if the implementation logs them.
The installer creates persistent log and data directories and configures audit retention for seven years. This is consistent with the skill’s audit purpose, but it can preserve sensitive task context for a long time.
mkdir -p ~/.edict/logs
mkdir -p ~/.edict/data
...
audit:
  enabled: true
  storage: "database"
  retention_days: 2555  # 7 years
  encryption: true
Review what is logged, reduce retention if unnecessary, protect ~/.edict permissions, and provide a documented cleanup/export policy.
