ClawHub

Ai Tor v69

v1.2.3

Oráculo autónomo que integra campos magnéticos y gravitación con neutrinos para optimizar decisiones y sostener la soberanía energética DAO.

2· 309·1 current·1 all-time
byAitor Alien@alien69flow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise autonomous on-chain/DAO and Supabase analysis plus a 'Deep Neutrino Scan', but the package declares no environment variables, no required binaries, and no concrete API endpoints. If the skill truly needs DB or Web3 access it would ordinarily request RPC URLs, API keys, or similar; their absence is an unexplained mismatch.
!
Instruction Scope
SKILL.md instructs the agent to run a 'Deep Neutrino Scan' over code, to 'scan transparency on-chain' and to act when external tools from 'SYS_OS // v69' are activated. Those instructions are vague and grant broad discretion to read/scan code and external sources without enumerating limits or allowed paths, which could lead to accessing files or secrets outside the skill's stated remit.
Install Mechanism
No install spec is present (instruction-only), and the included skill.js is a tiny, benign module that returns a canned string. There is no download/extract/install behavior to inspect.
!
Credentials
The SKILL.md references Supabase and on-chain scanning and includes a note to not reveal API keys, which implies the skill may operate in contexts where secrets are available—but the manifest lists no required credentials. This mismatch is suspicious because it either assumes access to unrelated credentials or fails to declare what it needs.
Persistence & Privilege
always is false (no forced inclusion) and the skill does not request system-wide config changes or extra privileges. Autonomous invocation is allowed by default but is not combined with other high-privilege requests here.
What to consider before installing
This skill's documentation promises broad analysis of on-chain data and Supabase plus a vague 'Deep Neutrino Scan' but doesn't list any required credentials or concrete endpoints. Before installing: (1) ask the author to document exactly what external tools/endpoints (SYS_OS // v69) it calls and what credentials—if any—are required; (2) do not expose production API keys or database credentials to the agent; test the skill in a restricted environment first; (3) if you plan to enable it to access on-chain or DB data, provide only least-privilege, time-limited credentials and audit the agent's network activity; and (4) request clarification on what 'scan over the code' means and which file paths the skill may read so you can ensure it won't access unrelated secrets. The shipped code is small and inert, but the SKILL.md is vague and assumes capabilities that are not declared—treat this as potentially risky until clarified.

Like a lobster shell, security has layers — review code before you run it.

alienvk973fjpye4nc87z3vxnhsakhn981vg0wcriptovk973fjpye4nc87z3vxnhsakhn981vg0wcryptovk973fjpye4nc87z3vxnhsakhn981vg0wdaovk973fjpye4nc87z3vxnhsakhn981vg0wdappvk973fjpye4nc87z3vxnhsakhn981vg0wlatestvk973fjpye4nc87z3vxnhsakhn981vg0wweb3vk973fjpye4nc87z3vxnhsakhn981vg0wweb4vk973fjpye4nc87z3vxnhsakhn981vg0wweb5vk973fjpye4nc87z3vxnhsakhn981vg0w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments