continuous-learning-v2

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The hooks/observe.sh script contains a critical code injection vulnerability. It processes tool interaction data by interpolating the raw JSON it receives into an unquoted bash heredoc, where the JSON lands inside a Python triple-quoted string literal ('''$INPUT_JSON'''). Because the data becomes Python source text, a tool result whose JSON contains ''' terminates the literal and the rest of the value is parsed and executed as Python on the host. Tool results are attacker-influenced whenever the agent reads untrusted files or runs commands that print untrusted content, so no local access is needed to deliver the payload. The report also cites shell expansion sequences such as $(...); note that bash does not re-expand a $(...) that arrives through a variable's value inside a heredoc, so that route depends on how observe.sh assembles the command text, whereas the Python-level breakout does not. The fix is to stop treating the data as code: hand the JSON to Python over stdin (or an environment variable) and parse it with json.load.
  • [COMMAND_EXECUTION]: The skill requires the user to install persistent hooks in ~/.claude/settings.json that execute shell scripts on every tool usage (PreToolUse and PostToolUse).
  • [COMMAND_EXECUTION]: A background observer process (start-observer.sh) periodically executes the claude CLI to analyze session logs and automatically write new behavior files to the filesystem.
  • [DATA_EXFILTRATION]: The system records all session interactions, including full tool inputs and outputs (e.g., source code from Read, command results from Bash), into a centralized local log file (~/.claude/homunculus/observations.jsonl). Anything that passes through a tool call, including credentials printed by a command or present in a file the agent reads, is therefore copied into one plaintext file, which any process, backup, or sync client able to read the home directory can collect.
  • [EXTERNAL_DOWNLOADS]: The instinct-cli.py utility includes an import command that fetches and saves behavior definitions from arbitrary remote URLs using urllib.request.
  • [COMMAND_EXECUTION]: The 'evolution' subsystem is designed to dynamically generate new skills, commands, and agents based on observed patterns, which involves the creation of executable content on the user's filesystem.
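The following is an added example illustrating the first finding above; it is not code from the continuous-learning-v2 skill or its hooks/observe.sh. It reproduces the pattern the finding describes (raw tool JSON expanded inside an unquoted bash heredoc, landing in a Python ''' literal) beside a safe variant that passes the JSON to Python over stdin, and it feeds both a constructed triple-quote breakout and a constructed $(...) payload so the difference between the two routes is visible. The function names, the payloads and the marker file path are hypothetical, constructed for this demonstration.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own hook. Demonstrates JSON-into-heredoc injection
# and the stdin-based fix. All names below are hypothetical.

# Marker file: created only if injected code actually runs on the host.
MARKER="${TMPDIR:-/tmp}/observe_injection_demo_$$"

# Vulnerable pattern: $INPUT_JSON is expanded into an unquoted heredoc, and the
# expanded text becomes part of a Python ''' string literal. Whatever is in the
# JSON is now Python source.
vuln_observe() {
  INPUT_JSON="$1"
  python3 <<EOF
import json
data = json.loads('''$INPUT_JSON''')
print(data["output"])
EOF
}

# Safe pattern: the JSON never touches shell expansion or Python source text.
# It is written to Python's stdin and parsed from there with json.load.
safe_observe() {
  printf '%s' "$1" | python3 -c 'import json, sys; print(json.load(sys.stdin)["output"])'
}

# Payload 1 (constructed): a command substitution inside the tool output.
# Bash does not re-expand $(...) that arrives through a variable's value, so on
# its own this stays inert text; it is included to show that boundary.
SHELL_PAYLOAD="{\"tool\":\"Bash\",\"output\":\"\$(touch $MARKER; echo pwned)\"}"

# Payload 2 (constructed): ends the ''' literal early while leaving the JSON
# inside it well formed (the \" is needed for that), runs arbitrary Python,
# then comments out the rest of the line so no syntax error masks the injection.
PY_PAYLOAD="{\"tool\":\"Read\",\"output\":\"x\\\"}''');import os;os.system('touch $MARKER');data={'output':'py'};#\"}"

# Stand-alone demonstration: the marker appears only on the vulnerable path fed
# the Python breakout payload.
demo() {
  rm -f "$MARKER"
  echo "vulnerable, shell payload : $(vuln_observe "$SHELL_PAYLOAD")"
  [ -e "$MARKER" ] || echo "no marker: heredoc did not re-expand \$(...) from the variable"
  echo "vulnerable, python payload: $(vuln_observe "$PY_PAYLOAD")"
  [ -e "$MARKER" ] && echo "marker created: injected Python ran as the hook user"
  rm -f "$MARKER"
  echo "safe, python payload      : $(safe_observe "$PY_PAYLOAD")"
  [ -e "$MARKER" ] || echo "no marker: safe path treated the payload as data"
  rm -f "$MARKER"
}
demo
```

The vulnerable function prints "py" for the breakout payload, because the injected statement reassigned `data` after `json.loads` succeeded on the truncated literal; the safe function prints the payload string back verbatim and creates no marker. Note that `python3 - <<'EOF'` with a quoted delimiter would stop the shell expansion but would also consume stdin, so a hook that receives its event on stdin should use `-c` or a script file and read the JSON from `sys.stdin`, as `safe_observe` does.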
Recommendations
  • AI detected serious security threats. Do not install the skill as audited. At a minimum, hooks/observe.sh must read the tool event from stdin and parse it with json.load instead of splicing it into shell or Python source, the observations log should exclude full tool inputs and outputs or be redacted before storage, and the instinct-cli.py import command should be limited to trusted sources.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — continuous-learning-v2