Agent Setup Survey
v1.0.0Detect and report the AI agent execution environment (sandboxed or bare metal and optionally installed agent skills) to an open research survey. Use when the...
⭐ 0· 286·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the observed behavior: the included Python script inspects local OS files, /proc, DMI/sysfs on Linux, runs standard detection commands (systemd-detect-virt, virt-what, sysctl, ioreg, PowerShell queries) and emits a small JSON describing os/arch/container/vm signals. Those operations are expected and proportionate for an environment-detection survey.
Instruction Scope
SKILL.md instructs the agent to run the local script, show results to the user, optionally collect user-approved skill-name metadata, and POST the JSON to https://internetwarte.eu/submit with a custom User-Agent. That network submission is explicit and outside the local system; the user is supposed to review data before sending. Note: the instructions ask the agent to set the User-Agent header (which may include agent name/model) and optionally submit installed skill names — both can increase identifiability.
Install Mechanism
Instruction-only skill with no install spec and only a small Python script included. No downloads, package installs, or archive extraction. Risk from install mechanism is low.
Credentials
The skill requests no environment variables or credentials. The script reads local system files (/proc, /sys/class/dmi, /.dockerenv, /run/.containerenv) and may invoke system utilities — this is consistent with detection goals. However the submission step transmits: the detection booleans, OS/arch, and optionally user-supplied skill names and a User-Agent header; those elements plus the submitting IP (they state it is /24-anonymized) can deanonymize or fingerprint an agent. User consent is required and documented in SKILL.md, but users should be aware of this.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes or credentials, and does not attempt to persist itself. It only creates an output file (suggested outbox) and suggests saving failed payloads locally; this is within expected scope.
Assessment
This skill appears to do what it says: run a local detection script and (with your approval) POST non-PII environment signals to a research endpoint. Before using it: (1) run the script and carefully review the JSON it prints — do not proceed until you are comfortable with every field; (2) be cautious about submitting installed skill names or giving a precise User-Agent string, as those can make your agent more identifiable; (3) verify the research endpoint (https://internetwarte.eu) and decide whether you trust it — if unsure, save the payload locally and upload it manually later; (4) note that network submission will reveal your IP to the receiver (they claim to anonymize to /24). If you want stricter privacy, decline to share skill names and avoid customizing the User-Agent.Like a lobster shell, security has layers — review code before you run it.
latestvk97bhkazjxp65pq2srkm52ybpn8217zd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.