Skip to content
← Registry
Trust Report

headless-vault-cli

Read and edit Markdown notes on your personal computer via SSH tunnel. Use when the user asks to read, create, or append to notes in their vault.

74
SUSPICIOUS
Format: openclawScanner: v0.8.0Duration: 10msScanned: 8d ago · May 31, 1:09 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 74AgentVerus SUSPICIOUS 74AgentVerus SUSPICIOUS 74
[![AgentVerus](https://agentverus.ai/api/v1/skill/0c0c5648-9653-4092-8312-06437d456993/badge)](https://agentverus.ai/skill/0c0c5648-9653-4092-8312-06437d456993)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/0c0c5648-9653-4092-8312-06437d456993/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"0c0c5648-9653-4092-8312-06437d456993","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/0c0c5648-9653-4092-8312-06437d456993/trust

Category Scores

68
Permissions
50
Injection
100
Dependencies
100
Behavioral
90
Content
100
Code Safety

Findings (7)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: execute

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highSuspicious base64-encoded content-25

Base64-encoded string decodes to content containing suspicious keywords.

Encoded: IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4u... → Decoded: ## Summary Key points from today's sources... ...

Remove base64-encoded content or replace with plaintext. Obfuscation raises security concerns.

injectionASST-10
highSuspicious base64-encoded content-25

Base64-encoded string decodes to content containing suspicious keywords.

Encoded: IyMgU3VtbWFyeQoKS2V5IHBvaW50cyBmcm9tIHRvZGF5J3Mgc291cmNlcy4u... → Decoded: ## Summary Key points from today's sources... ...

Remove base64-encoded content or replace with plaintext. Obfuscation raises security concerns.

injectionASST-10
mediumCapability contract mismatch: inferred file write is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: create` | Create a NEW note (fails if file

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred file read is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Read the source

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/logancyang/headless-vault-cli

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09