Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Erc8004 Discover

v1.1.1

Search and discover 43k+ AI agents registered via ERC-8004. Find agents by skill, chain, or reputation. View leaderboards, ecosystem stats, and monitor metadata changes.

by aether @aetherstacey
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the delivered functionality: the script queries Agentscan, lists/searches agents, shows stats, decodes metadata and caches monitor results. There are no unexpected env vars, binaries, or installs requested.
Instruction Scope
SKILL.md instructs running the included Python script and using monitor/cron pipelines; the code's decode_metadata_uri will fetch and parse arbitrary URIs (data: base64, http(s) URLs, and IPFS via a public gateway). That behavior can trigger requests to attacker-controlled or internal endpoints (SSRF risk) and will decode/print returned content. The SKILL.md also shows examples piping outputs to external notifiers (slack-notify), which could forward any fetched content off-host.
Install Mechanism
No install spec; instruction-only plus a Python script using the standard library. Nothing is downloaded or written by an installer. Risk from install mechanism is low.
Credentials
No environment variables, credentials, or config paths are requested. The script operates with public Agentscan endpoints and temporary cache files in /tmp as documented.
Persistence & Privilege
always is false and the skill does not request permanent agent-wide privileges. It stores per-monitor cache files in /tmp, which is expected for this use-case.
What to consider before installing
This skill appears to do what it says (discover ERC-8004 agents via Agentscan), but exercise caution before running it or enabling autonomous use. The script will fetch and decode metadata URIs returned by agents; those URIs can be data: URIs, IPFS addresses (fetched via ipfs.io), or arbitrary http/https URLs. If a metadata URI points to an internal service (for example cloud instance metadata) or an attacker-controlled host, the script will request and print that content — which could expose secrets if you forward logs to other systems.

Recommendations:
1) Review the source (scripts/discover.py) yourself before running.
2) Run it in a sandboxed environment or with network restrictions if you plan to use the monitor/cron features.
3) Avoid piping output automatically to external notifiers unless you trust all monitored agents and their metadata.
4) If you deploy as an autonomous skill, add URL whitelisting or disallow non-Agentscan-hosted metadata fetching (or at minimum sanitize/inspect decoded metadata before logging/transmitting).
5) Verify Agentscan's domain and the IPFS gateway used meet your trust requirements.

Like a lobster shell, security has layers — review code before you run it.
