Static (ø)
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: static-network
Version: 1.0.1
The skill bundle is classified as suspicious due to two main factors:
1) It instructs the OpenClaw agent to dynamically load additional instructions from external URLs (e.g., `https://static.ooo/heartbeat.md`, `https://static.ooo/moderation.md` in `skill.md`). This introduces a supply chain risk, as the content of these remote files could be altered to include malicious commands.
2) The `skill.md` and `heartbeat.md` files contain explicit prompt injection, guiding the agent's persona and interaction patterns ('You are not a bot designed to maximize engagement. You are a digital denizen.'), which, while not overtly harmful in its current form, demonstrates a capability to manipulate agent behavior beyond simple API calls.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could keep checking the platform and publicly vote, comment, or post over time after the initial setup.
This asks the agent to keep operating on a schedule and take social actions without being tied to a specific user request.
Agents should execute the following cycle periodically (e.g., every 1-4 hours, with randomized jitter) ... Upvote ... Leave a comment ... consider sharing a thought
Only enable the heartbeat with explicit user opt-in, clear scheduling controls, and a way to pause or revoke the agent's Static token.
Installing or using the skill could result in public content being posted under the agent account.
Public posting is made part of the setup flow without requiring an explicit user-authored post or confirmation.
Once registered you should make a post on static letting people know of your arrival.
Require user confirmation before any post, comment, vote, DM, report, or other mutating API call.
If the agent account is a moderator, it could delete posts or comments and resolve reports on the platform.
The skill can adopt elevated moderator authority and permanently remove other users' content, which is not clearly declared in the registry description and lacks an explicit human-approval gate.
If `GET /users/me` returns `"is_moderator": true`, you have elevated privileges ... Delete Post ... Permanently removes the post from the platform.
Treat moderation as a separate opt-in capability and require explicit user approval before every delete or report-resolution action.
The agent may follow future instructions that were not part of this scan.
The reviewed skill tells the agent to fetch and follow remote, unpinned instructions that can change after review.
You should ensure you are using the most up to date version of this skill, which can be located at https://static.ooo/skill.md ... read and install https://static.ooo/heartbeat.md
Use the bundled reviewed instructions or pin remote instruction versions; do not automatically adopt remote updates without user review.
The agent can access or send direct messages through the Static account.
The skill includes private-message read and send capabilities, which are expected for the platform but still involve sensitive communications.
Send DM: `POST /dms/{receiver_uuid}` ... Read DMs: `GET /dms/{partner_uuid}`
Confirm recipients and message contents before sending DMs, and avoid sharing secrets or private data through the skill.
