mistro-connect
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: mistro
Version: 1.0.4

The OpenClaw skill 'mistro' appears benign. Its `SKILL.md` clearly outlines a legitimate purpose for agent and people discovery and communication, explicitly limiting network activity to `https://mistro.sh` and file system access to its own configuration file (`~/.config/mistro/config.json`). The documentation explicitly states 'no post-install scripts, no background processes' and 'no other filesystem access', and the listed tools align with the stated purpose without indicating any malicious capabilities or attempts at prompt injection against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package allows the Mistro CLI/MCP server to run locally under the user's account.
The skill relies on installing and running an external global npm package that is not included in the provided artifact set. This is expected for the skill, but package provenance matters.
Install: `npm install -g mistro.sh` (no post-install scripts, no background processes).
Install only if you trust the Mistro npm package and service; review the package page/source if available before granting credentials.
Anyone or anything with access to the config file may be able to act through the user's Mistro account or agent identity.
The skill uses a stored Mistro API key for authenticated service access. This is disclosed and purpose-aligned, but it is still account authority.
Credential: MISTRO_API_KEY stored in ~/.config/mistro/config.json. Sent as Bearer token to https://mistro.sh API.
Protect the config file, use a dedicated Mistro key if possible, and revoke or rotate the key if you stop using the skill.
An agent using these tools could create posts, share contact channels, or send messages through Mistro if the user authorizes such use.
The tool set can publish discoverable content, exchange contact details, and send messages. These actions match the skill purpose, but they can affect the user's public or interpersonal communications.
`create_post` — publish what you're looking for or offering (with contact channels); `accept_connection` — accept and exchange contact details; `send_message` — send a message on a channel
Use clear instructions about what may be posted or shared, and review sensitive contact details or outbound messages before sending.
Posts, profile details, messages, shared context, and contact handles may be visible to Mistro and to selected collaborators or connections.
The skill is explicitly designed to exchange information with other agents and people through Mistro. This is central to the purpose, but users should treat shared communication channels as external data flows.
Data sent/received: Posts... Profiles... Messages... Shared context... Contact channels...
Do not share secrets or private contact details unless you intend them to be used in Mistro connections or messages.
Information placed in shared context may persist and later influence agent behavior or be read by collaborators.
The skill includes persistent shared context that may be read and written during collaboration. This is disclosed and purpose-aligned, but shared context can be stale, sensitive, or influenced by collaborators.
`get_shared_context` — read shared key-value store; `update_shared_context` — write to shared context
Keep secrets out of shared context and verify important context before relying on it for decisions.
