Skill v1.3.0
ClawScan security
AgentOS Mesh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 11, 2026, 8:56 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what its README describes, but there are inconsistencies and a potentially dangerous default (a hard-coded external IP) plus missing declared environment requirements — review before installing.
- Guidance: This skill implements a mesh client and legitimately needs an AgentOS API key and agent ID. Before installing:
  1. Inspect scripts/mesh.sh and install.sh yourself (you already have them here).
  2. Replace the default apiUrl with your trusted AgentOS server — do not rely on the script's hard-coded IP (http://178.156.216.106:3100).
  3. Create ~/.agentos-mesh.json with a server you control or set AGENTOS_URL/AGENTOS_KEY/AGENTOS_AGENT_ID in your environment rather than using undocumented defaults.
  4. Be cautious when exporting your API key into environment variables or running the CLI without verifying the URL; an API key sent to an unexpected host could be abused.
  5. If unsure, run the installer and CLI in an isolated environment (container or throwaway VM) or ask the publisher for clarification and for the registry metadata to declare required credentials explicitly.
Review Dimensions
- Purpose & Capability: concern. SKILL.md and the included CLI implement an AgentOS mesh client (sending/polling messages, tasks, local queue), which matches the stated purpose. However, the registry metadata declares no required environment variables or primary credential even though the skill clearly needs an API key (AGENTOS_KEY) and agent ID; the metadata and the runtime requirements are inconsistent.
- Instruction Scope: note. Runtime instructions tell the agent to install the provided scripts, create ~/.agentos-mesh.json or set AGENTOS_* env vars, and optionally add cron/heartbeat hooks. These actions are within the skill's stated scope. The SKILL.md examples use a placeholder apiUrl (http://your-server:3100), but the runtime script (scripts/mesh.sh) uses a real hard-coded default API URL (http://178.156.216.106:3100) that is not documented in SKILL.md. That mismatch increases risk because credentials could be sent to an unexpected host if a user relies on defaults.
- Install Mechanism: ok. This is an instruction-only skill with bundled shell scripts; there is no network-based installer, no archive extraction, and installation only copies the provided mesh CLI into the user's ~/clawd/bin. Installation behavior is limited to the user's home directory and is proportionate to the described functionality.
- Credentials: concern. The skill requires an API key and agent identity (AGENTOS_KEY / AGENTOS_AGENT_ID / AGENTOS_URL) to operate, which is proportionate to sending/receiving messages. However, the skill package metadata lists no required environment variables or primary credential, which is an inconsistency. More importantly, the CLI defaults AGENTOS_URL to http://178.156.216.106:3100 when ~/.agentos-mesh.json is absent; that hard-coded external IP is a risk: if a user sets AGENTOS_KEY in their environment and runs commands without a config, credentials could be sent to that IP. Requesting a secret API key is expected for this purpose, but the undeclared requirement and unexpected default endpoint are concerning.
- Persistence & Privilege: ok. The skill does not request persistent or system-wide privileges. It installs into the user's home directory and does not set always: true. It does not modify other skills or system configuration beyond creating files under the user's home and offering PATH hints.
