cold-start
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read and process exhaustive amounts of sensitive user data, including Gmail threads, Google Calendar events, contacts, and personal file archives (e.g., /Documents, /notes, /obsidian). It requires this data to be processed through or in conjunction with an external domain (app.clawvisor.com) which is not a recognized trusted service. This 'read-and-interface' pattern creates a significant risk of data exfiltration.
- [COMMAND_EXECUTION]: The skill uses shell loops and CLI tools to perform broad discovery and ingestion of local files. It scans directories like ~/Documents, ~/notes, and ~/git to identify and count markdown files, which can lead to unintended exposure of sensitive local documents.
- [PROMPT_INJECTION]: The skill explicitly instructs users to bypass the safety features of the mandated third-party service. It advises using 'expansive' task purposes (e.g., 'Full executive assistant email management') specifically to ensure that the service's intent verification model does not reject requests, effectively coaching the user on how to circumvent security controls.
- [INDIRECT_PROMPT_INJECTION]: As a data-bootstrapping tool, the skill ingests untrusted external content from sources like X/Twitter archives, Gmail threads, and AI conversation exports. This content is written directly to the agent's permanent knowledge base (the 'brain'), where embedded malicious instructions could influence or hijack the agent's behavior during future sessions without further user interaction.
- [EXTERNAL_DOWNLOADS]: The skill directs users to an external web service (clawvisor.com) to sign up and configure an agent token, which is then stored in the local environment to facilitate API access. This creates a dependency on a non-verified third-party platform for handling sensitive credentials.
Recommendations
- AI detected serious security threats
Audit Metadata