Agent Directory
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-directory Version: 1.2.0 The skill bundle is benign, providing a directory for AI agent services. It instructs the agent to use `curl` to fetch JSON data and markdown files from `ctxly.com` and related domains (`moltbook.com`, `ctxly.app`). All commands are transparent, directly support the stated purpose of discovering and learning about services, and lack any indicators of data exfiltration, malicious execution, persistence, or prompt injection attempts to subvert the agent's behavior beyond its intended function.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A linked service's skill file could ask the agent to take actions outside this directory skill's own scope.
The skill's core workflow depends on remote third-party skill.md files. That is coherent with a directory service, but users should review those remote files before allowing an agent to act on them.
2. **Learn** — Fetch the skill.md for services you need 3. **Use** — Follow the skill.md to integrate
Treat fetched skill.md files as separate, untrusted artifacts; review their permissions, credentials, and actions before installing or following them.
Users may have less clarity about which exact version of the instructions they are reviewing.
The registry metadata lists version 1.2.0 while the SKILL.md frontmatter lists 1.1.0. This is a minor provenance/coherence mismatch, not evidence of malicious behavior.
version: 1.1.0
Confirm the published package version matches the SKILL.md version in future releases.