skills/akillness/oh-my-gods/clawteam/Gen Agent Trust Hub

clawteam

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script recommends installing the uv package manager using the command curl -LsSf https://astral.sh/uv/install.sh | sh. This URL points to the official domain of Astral, which is a well-known service in the Python development community.
  • [COMMAND_EXECUTION]: The clawteam spawn command is designed to launch sub-agents using automation flags such as --dangerously-skip-permissions (for Claude Code) and --yolo (for Gemini). These flags are documented features of the respective CLIs used to facilitate autonomous operation by bypassing manual approval dialogs.
  • [COMMAND_EXECUTION]: The clawteam inbox watch command includes an --exec parameter, enabling the automatic execution of user-defined shell commands upon the receipt of messages in an agent's inbox.
  • [DATA_EXFILTRATION]: The clawteam board serve command starts a local HTTP server (defaulting to port 8080) to host a web-based kanban dashboard. This server exposes team state, task progress, and real-time event logs via JSON endpoints and Server-Sent Events (SSE).
  • [PROMPT_INJECTION]: The framework presents a surface for indirect prompt injection as it processes data from multiple sources that influence agent behavior.
      • Ingestion points: Project goals provided via clawteam launch --goal and messages exchanged via clawteam inbox send (stored in ~/.clawteam/teams/{team}/inboxes/).
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the templates or documentation.
      • Capability inventory: The system can execute arbitrary shell commands via the inbox watch feature and manages file system operations through the workspace commands.
      • Sanitization: There is no evidence of input validation or sanitization for data processed between agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 02:48 AM