Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Infrastructure for agents
v1.0.1
Infrastructure for AI Agents. Phone, email, social accounts, compute, domains, and voice calling for AI agents. Pay with USDC on Solana or Base via x402.
by @0xartex
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill advertises phone, email, compute, domains, wallets and a CLI/API. The included decrypt-email.mjs reads a Solana keypair and decrypts NaCl boxes — this matches the SKILL.md claim that inboxes are E2E encrypted to your wallet. No unrelated credentials or services are requested.
Instruction Scope
SKILL.md instructs the user to run the CLI and the local decrypt-email.mjs helper, which reads your Solana private key file (~/.config/solana/id.json by default) to derive an X25519 secret and decrypt messages. Reading the private key is necessary for decryption but is highly sensitive: the script accesses local private key material, and it prompts you to install tweetnacl if it is missing.
Install Mechanism
There is no formal install spec in the skill bundle. The README suggests installing @agntos/agentos via npm (or using npx). Installing an npm package runs arbitrary code (postinstall scripts) from the package owner — this is expected for a CLI but requires trust in the package source. The included decrypt-email.mjs has no hidden downloads; it tries to import tweetnacl and exits with an install hint if missing.
Credentials
The skill does not declare environment variables, but the helper script implicitly reads HOME and the Solana keypair file path (~/.config/solana/id.json) from disk. Access to the Solana private key is proportionate to decrypting E2E emails, but it is extremely sensitive: the skill asks to read your private key without formally declaring that in its env/permission metadata.
Persistence & Privilege
The skill is instruction-only with no install spec that would persist code beyond the included files. always is false and it does not request permanent platform privileges or modify other skills/config. Autonomous invocation is allowed by default but not an added privilege here.
Assessment
This skill appears to do what it says, but exercise caution before installing or running anything that reads your Solana private key. Actions to consider:
- Inspect decrypt-email.mjs yourself (you have it) before running it. It reads your keypair JSON and derives a decrypting secret — if you run it, the script will access plaintext private key bytes on disk.
- Prefer passing an explicit keypair path rather than relying on the default. Use an ephemeral keypair if possible (create a dedicated key for AgentOS inboxes) rather than your main wallet.
- Verify the @agntos/agentos npm package and its GitHub source (postinstall scripts, maintainer identity) before npm i -g or npx. Global npm installs can execute arbitrary code.
- Do not paste or upload your private key to external services. Only run local decryptors that you have audited, and avoid running scripts that automatically upload or transmit key material.
- If you are uncomfortable exposing a raw keyfile, consider using a hardware wallet or a derived ephemeral keypair solely for email decryption and payments.
If you'd like, I can: (a) walk through decrypt-email.mjs line-by-line and explain exactly what it does, (b) suggest a safer ephemeral-key workflow, or (c) draft a checklist to vet the @agntos/agentos npm package before installation.
Like a lobster shell, security has layers — review code before you run it.
