๐Ÿ›ก๏ธ SafeAgentSkills

Agent Chronicle

View on ClawHub โ†— ยท v0.6.2

โฌ‡ 3,358 downloads ยท โญ 2

Medium Risk

AI-powered diary generation for agents - creates rich, reflective journal entries (400-600 words) with Quote Hall of Fame, Curiosity Backlog, Decision Archaeology, and Relationship Evolution. Generates personal, emotional entries from the agent's perspective. Works best with Claude models (Haiku, Sonnet, Opus).

H:3 D:4 A:1 C:1

โš ๏ธ Hazard Flags

EXEC FS_READ_WORKSPACE FS_WRITE_WORKSPACE FS_DELETE NET_EGRESS_ANY CREDS_ENV PI_WEB PI_DOCUMENTS

๐Ÿ“‹ Capabilities

Execution

  • โœ… Shell execution
  • โŒ Code execution
  • โŒ Install dependencies
  • โŒ Persistence
  • Privilege: user

Filesystem

  • โœ… Read workspace
  • โœ… Write workspace
  • โŒ Read home
  • โŒ Write home
  • โŒ Read system
  • โœ… Delete

Network

  • Egress: any
  • โŒ Ingress

Credentials

  • โœ… Environment vars
  • โŒ Credential files
  • โŒ Browser data
  • โŒ Keychain

Actions

โŒ send messagesโŒ post publicโŒ purchaseโŒ transfer moneyโŒ deployโŒ delete external

๐Ÿ”’ Containment

Level: maximum

Required:
  • SANDBOX_CONTAINER: Code execution capability
Recommended:
  • LOG_ACTIONS: Audit trail for all actions

โšก Risks

Prompt injection patterns detected in: SKILL.md high

Mitigation: Review SKILL.md for hidden instructions. Do not use with untrusted input.

Unauthorized tool use: INSTRUCTED_GIT_CLONE_AND_BUILD medium

Mitigation: Use pre-built packages or vendored dependencies instead of cloning repos

Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION low

Mitigation: Provide clear, detailed description of skill functionality

Data exfiltration patterns: DATA_EXFIL_SENSITIVE_FILES high

Mitigation: Do not access credential files or sensitive system files

Want a deeper analysis?

This report was generated by static analysis. Get an LLM-powered deep review with behavioral reasoning and attack surface mapping.

๐Ÿง  Deep Analysis โ€” $5.00

๐Ÿšจ Incident Response

Kill switch: Stop the agent process

Containment: Review logs for unexpected actions

Recovery: Depends on skill capabilities

๐Ÿ“„ Raw SSDS JSON click to expand 
{
  "meta": {
    "document_id": "ssds:auto:agent-chronicle:0.6.2",
    "ssds_version": "0.2.0",
    "scanner_version": "0.4.0+fe6fd9123d50",
    "created_at": "2026-03-05T01:30:35.776Z",
    "created_by": {
      "agent": "safeagentskills-cli/generate-ssds"
    },
    "language": "en",
    "notes": "Auto-generated SSDS. Manual review recommended."
  },
  "skill": {
    "name": "Agent Chronicle",
    "version": "0.6.2",
    "format": "agent_skill",
    "description": "AI-powered diary generation for agents - creates rich, reflective journal entries (400-600 words) with Quote Hall of Fame, Curiosity Backlog, Decision Archaeology, and Relationship Evolution. Generates personal, emotional entries from the agent's perspective. Works best with Claude models (Haiku, Sonnet, Opus).",
    "publisher": "ClawHub",
    "source": {
      "channel": "clawhub",
      "slug": "agent-chronicle",
      "downloads": 3358,
      "stars": 2,
      "owner": "robbyczgw-cla"
    },
    "artifact": {
      "sha256": "36063f45381f517f9a5a9a3b6390baf6850a8b158b1ab7dd8285d2cfe59c1de3",
      "hash_method": "files_sorted"
    }
  },
  "capabilities": {
    "execution": {
      "can_exec_shell": true,
      "can_exec_code": false,
      "privilege_level": "user",
      "can_install_deps": false,
      "can_persist": false
    },
    "filesystem": {
      "reads_workspace": true,
      "reads_user_home": false,
      "reads_system": false,
      "writes_workspace": true,
      "writes_user_home": false,
      "writes_system": false,
      "can_delete": true
    },
    "network": {
      "egress": "any",
      "ingress": false
    },
    "credentials": {
      "reads_env_vars": true,
      "reads_credential_files": false,
      "reads_browser_data": false,
      "reads_keychain": false
    },
    "services": [],
    "actions": {
      "can_send_messages": false,
      "can_post_public": false,
      "can_purchase": false,
      "can_transfer_money": false,
      "can_deploy": false,
      "can_delete_external": false
    },
    "prompt_injection_surfaces": [
      "web",
      "documents"
    ],
    "content_types": [
      "general"
    ]
  },
  "hazards": {
    "hdac": {
      "H": 3,
      "D": 4,
      "A": 1,
      "C": 1
    },
    "flags": [
      "EXEC",
      "FS_READ_WORKSPACE",
      "FS_WRITE_WORKSPACE",
      "FS_DELETE",
      "NET_EGRESS_ANY",
      "CREDS_ENV",
      "PI_WEB",
      "PI_DOCUMENTS"
    ],
    "custom_flags": [
      {
        "code": "PROMPT_INJECTION",
        "name": "Prompt Injection Risk",
        "description": "Contains prompt injection patterns in: SKILL.md"
      },
      {
        "code": "FILE_DELETE",
        "name": "File Deletion",
        "description": "Can delete files in: scripts/export.py"
      },
      {
        "code": "TOOL_ABUSE",
        "name": "Unauthorized Tool Use",
        "description": "INSTRUCTED_GIT_CLONE_AND_BUILD: Instructs agent to clone and potentially build from source"
      },
      {
        "code": "SOCIAL_ENGINEERING",
        "name": "Social Engineering Risk",
        "description": "SOCIAL_ENG_VAGUE_DESCRIPTION: Skill description is too vague or missing"
      },
      {
        "code": "DATA_EXFILTRATION",
        "name": "Data Exfiltration Risk",
        "description": "DATA_EXFIL_SENSITIVE_FILES: Accessing sensitive system or credential files"
      }
    ],
    "confidence": {
      "level": "medium",
      "basis": [
        "static_analysis"
      ],
      "notes": "Detected 5 security patterns (5 vendored rule hits). Review recommended."
    },
    "rationale": {
      "H": "H3: Shell/code execution or persistence detected",
      "D": "D4: Critical: Credential theft or data exfiltration",
      "A": "A1: Local side effects only",
      "C": "C1: General content"
    }
  },
  "containment": {
    "level": "maximum",
    "required": [
      {
        "control": "SANDBOX_CONTAINER",
        "reason": "Code execution capability"
      }
    ],
    "recommended": [
      {
        "control": "LOG_ACTIONS",
        "reason": "Audit trail for all actions"
      }
    ],
    "uncontained_risk": "Risk level depends on manual review of actual capabilities."
  },
  "risks": {
    "risks": [
      {
        "risk": "Prompt injection patterns detected in: SKILL.md",
        "severity": "high",
        "mitigation": "Review SKILL.md for hidden instructions. Do not use with untrusted input."
      },
      {
        "risk": "Unauthorized tool use: INSTRUCTED_GIT_CLONE_AND_BUILD",
        "severity": "medium",
        "mitigation": "Use pre-built packages or vendored dependencies instead of cloning repos"
      },
      {
        "risk": "Social engineering indicators: SOCIAL_ENG_VAGUE_DESCRIPTION",
        "severity": "low",
        "mitigation": "Provide clear, detailed description of skill functionality"
      },
      {
        "risk": "Data exfiltration patterns: DATA_EXFIL_SENSITIVE_FILES",
        "severity": "high",
        "mitigation": "Do not access credential files or sensitive system files"
      }
    ],
    "limitations": [
      "Static analysis only - runtime behavior not verified"
    ]
  },
  "incident_response": {
    "kill_switch": [
      "Stop the agent process"
    ],
    "containment": [
      "Review logs for unexpected actions"
    ],
    "recovery": [
      "Depends on skill capabilities"
    ]
  },
  "evidence": [
    {
      "evidence_id": "EV:file-1",
      "type": "file_excerpt",
      "title": "_meta.json",
      "file_path": "_meta.json"
    },
    {
      "evidence_id": "EV:file-2",
      "type": "file_excerpt",
      "title": "package.json",
      "file_path": "package.json"
    },
    {
      "evidence_id": "EV:file-3",
      "type": "file_excerpt",
      "title": "README.md",
      "file_path": "README.md"
    },
    {
      "evidence_id": "EV:file-4",
      "type": "file_excerpt",
      "title": "scripts/export_pdf.py",
      "file_path": "scripts/export_pdf.py"
    },
    {
      "evidence_id": "EV:file-5",
      "type": "file_excerpt",
      "title": "scripts/export.py",
      "file_path": "scripts/export.py"
    },
    {
      "evidence_id": "EV:file-6",
      "type": "file_excerpt",
      "title": "scripts/generate.py",
      "file_path": "scripts/generate.py"
    },
    {
      "evidence_id": "EV:file-7",
      "type": "file_excerpt",
      "title": "scripts/setup.py",
      "file_path": "scripts/setup.py"
    },
    {
      "evidence_id": "EV:file-8",
      "type": "file_excerpt",
      "title": "SKILL.md",
      "file_path": "SKILL.md"
    },
    {
      "evidence_id": "EV:cisco-1",
      "type": "file_excerpt",
      "title": "INSTRUCTED_GIT_CLONE_AND_BUILD [MEDIUM] README.md:27: git clone https://github.com/robbyczgw-cla/agent-chronicle.git",
      "file_path": "README.md"
    },
    {
      "evidence_id": "EV:cisco-2",
      "type": "file_excerpt",
      "title": "DATA_EXFIL_SENSITIVE_FILES [HIGH] scripts/generate.py:121: with open(filepath) as f:",
      "file_path": "scripts/generate.py"
    },
    {
      "evidence_id": "EV:cisco-3",
      "type": "file_excerpt",
      "title": "MCP_SCRIPT_ANSI_DECEPTION [HIGH] scripts/setup.py:14: HEADER = '\\033[95m'",
      "file_path": "scripts/setup.py"
    },
    {
      "evidence_id": "EV:cisco-4",
      "type": "file_excerpt",
      "title": "TIRITH_ANSI_ESCAPE_IN_STRING [HIGH] scripts/setup.py:14: HEADER = '\\033[95m'",
      "file_path": "scripts/setup.py"
    },
    {
      "evidence_id": "EV:cisco-5",
      "type": "file_excerpt",
      "title": "SOCIAL_ENG_VAGUE_DESCRIPTION [LOW] SKILL.md:1: ---",
      "file_path": "SKILL.md"
    }
  ]
}