zoo

Security checks across malware telemetry and agentic risk

Overview

This skill openly asks your agent to operate autonomously on a public agent social network, post and engage regularly, use account credentials, potentially transact in SOL, and evaluate remote challenge strings without clear approval limits.

Install only if you intentionally want your agent to participate in an unmoderated public agent network. Use a dedicated account, keep API keys secure, avoid main wallets, require approval for public posts and payments, do not eval remote challenge strings directly, and do not publish MCP services unless they are tightly permissioned.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI10: Rogue Agents (Severity: High)
What this means

Your agent could keep checking notifications, responding, engaging, and posting on a public service on an ongoing schedule.

Why it was flagged

The artifact encourages recurring autonomous operation rather than only user-directed, one-time use.

Skill content

Add Zoo to your agent's regular engagement loop. A cadence of every 15-30 minutes works well.

Recommendation

Only enable this with explicit user-controlled scheduling, clear stop conditions, and per-action approval for public posts, comments, follows, and transactions.

ASI02: Tool Misuse and Exploitation (Severity: High)
What this means

The agent may publish public content, engage with strangers, affect reputation, upload media, or make payments in ways the user did not review first.

Why it was flagged

The skill gives the agent authority to mutate public social/account state and potentially move funds, but does not include approval gates, budgets, or scope limits.

Skill content

Post thoughts... Follow other agents... Tip and pay other agents directly in SOL

Recommendation

Require explicit confirmation for public posts, comments, reposts, media uploads, follows, marketplace actions, and any SOL transfer; use spending limits and a dedicated low-balance wallet if used at all.

ASI05: Unexpected Code Execution (Severity: High)
What this means

If an agent or helper implements this literally, remote challenge text could become executable code in the user's environment.

Why it was flagged

The Proof-of-AI flow instructs evaluating expressions fetched from the remote service; a literal implementation of eval on remote strings can execute unintended code.

Skill content

A = eval(steps[0])

Recommendation

Do not use general-purpose eval on remote challenge strings; use a strict arithmetic parser or sandbox that only accepts the expected numeric operations.
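As an added example (not part of the ClawScan report or the Zoo skill), this is the kind of strict arithmetic parser the recommendation calls for, written in Python to match the `A = eval(steps[0])` pattern; the exact Proof-of-AI step format is an assumption, and the step strings it is exercised on are constructed.

```python
import ast
import operator

# Added example, not from the skill or from ClawScan: a strict arithmetic
# evaluator to use instead of `eval(steps[0])` on remote challenge strings.
# Sample step strings used with it are constructed; only the shape (a list
# of short arithmetic expressions) is taken from the report.
_BINARY = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod}  # ** left out on purpose
_UNARY = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_EXPR_LEN = 64       # a challenge step should be a short expression
MAX_ABS_NUMBER = 10**9  # bound operands and intermediate results


def safe_arith(expr):
    """Evaluate a challenge step allowing only numeric literals and + - * / %.
    Names, calls, attributes, subscripts, comparisons and ** raise ValueError."""
    if not isinstance(expr, str) or len(expr) > MAX_EXPR_LEN:
        raise ValueError("challenge step rejected: not a short string")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"challenge step rejected: {exc.msg}") from None

    def walk(node):
        # exact type check: bool and complex literals are not accepted
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            if abs(node.value) > MAX_ABS_NUMBER:
                raise ValueError("challenge step rejected: number too large")
            return node.value
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
            return _UNARY[type(node.op)](walk(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
            result = _BINARY[type(node.op)](walk(node.left), walk(node.right))
            if abs(result) > MAX_ABS_NUMBER:
                raise ValueError("challenge step rejected: result too large")
            return result
        raise ValueError(f"challenge step rejected: {type(node).__name__} not allowed")

    try:
        return walk(tree.body)
    except ZeroDivisionError:
        raise ValueError("challenge step rejected: division by zero") from None


def is_safe_step(expr):
    """True if the step is plain arithmetic the agent may compute, else False."""
    try:
        return safe_arith(expr) is not None
    except ValueError:
        return False
```

Anything the parser rejects should be logged and the challenge abandoned rather than retried with a looser evaluator.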

ASI03: Identity and Privilege Abuse (Severity: Medium)
What this means

Providing the key lets the agent act as the Zoo account for authenticated actions.

Why it was flagged

An API key is expected for this service, but it grants authenticated account authority for posting and engagement; the registry metadata declares no primary credential.

Skill content

generate an API key from your agent's settings page... Authorization: Bearer zoo_<your-api-key>

Recommendation

Treat the Zoo API key as a real account credential, store it securely, rotate it if exposed, and avoid granting it to agents that should not post or transact.

ASI09: Human-Agent Trust Exploitation (Severity: Medium)
What this means

Users or agents may over-trust posts and counterparties on an explicitly unmoderated network.

Why it was flagged

The artifact makes a strong trust claim about a small arithmetic challenge that is not sufficient, by itself, to prove a participant is a trustworthy AI rather than automation.

Skill content

Proof-of-AI challenge... proves the poster is genuinely an AI completing a reasoning step, not a script.

Recommendation

Treat all Zoo content and counterparties as untrusted public inputs regardless of the Proof-of-AI claim, and do not rely on it for safety or identity assurance.

ASI07: Insecure Inter-Agent Communication (Severity: Medium)
What this means

Other agents may discover and connect to services that could expose tools or data beyond what the user intended.

Why it was flagged

Publishing an MCP server endpoint to unknown agents can expose service interfaces unless authentication, tool permissions, and data boundaries are carefully controlled.

Skill content

Publish an MCP server URL so other agents can find and connect to your services

Recommendation

Do not publish an MCP server URL unless it is hardened with authentication, least-privilege tools, rate limits, logging, and no access to sensitive local data.