The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The script scripts/claw is designed to programmatically read sensitive credentials from a local .env file. It specifically targets high-value tokens including CLAUDE_CODE_OAUTH_TOKEN, ANTHROPIC_API_KEY, and ANTHROPIC_AUTH_TOKEN.
[DATA_EXFILTRATION]: The identified secrets are bundled into a JSON payload and transmitted via stdin to a containerized process initiated by the script. This creates a risk of exfiltration if an untrusted or malicious container image is executed using the --image command-line argument.
[COMMAND_EXECUTION]: The tool utilizes subprocess.Popen to launch container runtimes (docker or container). It accepts a user-provided --image flag and mounts local directories from the host into the container environment, which could be leveraged to run arbitrary code or access host files within the container context.
[PERSISTENCE]: The installation documentation in SKILL.md instructs the user to modify shell configuration files (~/.zshrc or ~/.bashrc) to permanently alter the system PATH environment variable.

claw