Skip to main content

onboard

Validates setup of Aeon forks and sends detailed reports on configuration status via preferred notification channels.

Install this skill

or
0/100

Security score

The onboard skill was audited on May 30, 2026 and we found 14 security issues across 2 threat categories, including 10 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 8

Template literal with variable interpolation in command context

SourceSKILL.md
8> **${var}** — Optional. Set to `--silent-on-pass` to suppress the notification when every required check passes (useful for nightly self-audits). Default: always notify.
high line 42

Template literal with variable interpolation in command context

SourceSKILL.md
42- If `${var}` contains `--silent-on-pass` AND `summary.fail == 0` AND `summary.warn == 0` → log `ONBOARD_OK_SILENT` and skip the notification. Still write the log entry in step 5.
medium line 49

Template literal with variable interpolation in command context

SourceSKILL.md
49```
high line 67

Template literal with variable interpolation in command context

SourceSKILL.md
67- **`${verdict_one_liner}`** — one of:
high line 71

Template literal with variable interpolation in command context

SourceSKILL.md
71- **`${pass_lines}`** — one bullet per pass. Format: `• {check} — {detail}`. Cap at 6; if more, collapse the tail into `• …and {K} more`.
high line 72

Template literal with variable interpolation in command context

SourceSKILL.md
72- **`${warn_lines_with_fix}`** — one bullet per warning, two lines each: `• {check} — {detail}` then indented ` fix: {fix}`. Omit the section header entirely if N == 0.
high line 73

Template literal with variable interpolation in command context

SourceSKILL.md
73- **`${fail_lines_with_fix}`** — same shape as warnings, omit if N == 0.
high line 74

Template literal with variable interpolation in command context

SourceSKILL.md
74- **`${next_action}`** — derived from the highest-priority gap:
high line 89

Template literal with variable interpolation in command context

SourceSKILL.md
89### 5. Log to `memory/logs/${today}.md`
medium line 91

Template literal with variable interpolation in command context

SourceSKILL.md
91```
medium line 108

Template literal with variable interpolation in command context

SourceSKILL.md
108```
high line 118

Template literal with variable interpolation in command context

SourceSKILL.md
118- **`./notify` not present** — log `ONBOARD_NOTIFY_MISSING` and write the message body to `articles/onboard-${today}.md` so the operator can read it from the dashboard or repo.
high line 129

Template literal with variable interpolation in command context

SourceSKILL.md
129- **Idempotent.** Running multiple times the same day overwrites `articles/onboard-${today}.md` and appends one line per run to `memory/topics/onboard-history.md`. The `memory/logs/${today}.md` entry
medium line 17

Webhook reference - potential data exfiltration

SourceSKILL.md
172. **Scheduled self-audit (optional).** Operator pins this skill to a nightly cron with `var: "--silent-on-pass"` so they only hear about it when something breaks (e.g. a notification webhook stopped
Scanned on May 30, 2026
View Security Dashboard
Installation guide →
GitHub Stars 14
Rate this skill
Categorydevelopment
UpdatedJune 4, 2026
openclawdevopsdevops-srebackend-developertechnical-supportslackdiscordtelegramemaildevelopmentsupport
aaronjmars/miroshark-aeon