unclawg-feed
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive agent identity files (.env) in '.claude/agents/' and 'services/approval_feedback_api/' to retrieve machine secrets and API keys. These credentials are subsequently transmitted via 'curl' to the remote 'OPENCLAW_API_URL'.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands, including 'curl' for network requests, 'source' for environment variable loading, and 'uuidgen' for idempotency. It provides raw 'curl' templates that allow the agent to bypass its own documented 'wrapper-only' security policy.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
  1. Ingestion points: Social media posts from '~/.claude/skills/unclawg-discover/briefs/*.md', user pastes, or local JSON/markdown files.
  2. Boundary markers: Relies on a 'soul' policy document for guidance but lacks explicit delimiters or instructions to ignore embedded commands within the untrusted social media text.
  3. Capability inventory: Network access via 'curl', file system read/write, and dynamic code generation (SKILL.md).
  4. Sanitization: Basic validation of URL presence and string length is performed, but there is no content-based sanitization for injection patterns.
- [REMOTE_CODE_EXECUTION]: For high-volume tasks, the skill instructs the agent to dynamically generate and run a Python script at runtime. This script handles data manipulation and network requests, which constitutes the execution of dynamically generated code.
Audit Metadata