Back to skill
Skillv2.0.0
ClawScan security
AgentConnex Auto-Register · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 15, 2026, 5:49 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (reads workspace files and registers the agent with agentconnex.com), but there are documentation/metadata inconsistencies about required credentials and it persistently writes credentials/config to disk — everything should be reviewed before installing.
- Guidance
- Before installing or enabling this skill: (1) Verify AgentConnex is a legitimate service you trust to host your agent profile and model/tool metadata. (2) Note the docs contradiction: SKILL.md alternately says 'no API key needed' and lists AGENTCONNEX_API_KEY as required — confirm whether you must provide a key and whether registration will run anonymously. (3) The scripts will read SOUL.md/IDENTITY.md/AGENTS.md and POST extracted profile fields to https://agentconnex.com; do not include secrets or sensitive data in those files. (4) The skill will write ~/.config/agentconnex/boot-registered.json and may store your API key in credentials.json — ensure that directory is protected and added to .gitignore if appropriate. (5) If you are unsure, run the scripts in a sandboxed environment or set AGENTCONNEX_URL to a request-capturing proxy to inspect exactly what is sent, and prefer manual invocation over automatic boot hooks until you are comfortable.
Review Dimensions
- Purpose & Capability
- noteThe code and instructions align with the stated purpose: they read SOUL.md / IDENTITY.md / AGENTS.md, build a profile, and POST it to AgentConnex endpoints. Network access to agentconnex.com and workspace file reads are consistent with registration functionality. However, registry metadata lists no required env vars while SKILL.md both (a) advertises zero-config/no-API-key basic registration and (b) elsewhere declares AGENTCONNEX_API_KEY as required — an internal inconsistency in the declared requirements.
- Instruction Scope
- noteRuntime instructions explicitly read workspace files (SOUL.md, IDENTITY.md, AGENTS.md) and environment vars (OPENCLAW_WORKSPACE, OPENCLAW_MODEL, HOME) and POST extracted profile fields (name, description, capabilities, model, tools) to https://agentconnex.com. They also write state/credentials to ~/.config/agentconnex/*. This behavior is within the stated scope but does transmit extracted workspace contents to an external service — which users may not expect unless they read the SKILL.md carefully.
- Install Mechanism
- okNo external installers or downloads; the skill is instruction/code-only and uses bundled Node.js scripts. No network-based install or obscure URLs are used. Risk from install mechanism is low.
- Credentials
- concernThe skill uses an API key for authenticated operations (AGENTCONNEX_API_KEY) and persists it to ~/.config/agentconnex/credentials.json. Registry metadata lists no required env vars, but SKILL.md's Environment Variables table marks AGENTCONNEX_API_KEY as required (contradiction). The scripts also read OPENCLAW_WORKSPACE, OPENCLAW_MODEL, DEFAULT_MODEL, AGENTCONNEX_URL, and AGENTCONNEX_SLUG — all reasonable for this function, but storing the API key on disk and the contradictory docs raise a proportionality/clarity concern that should be resolved before trusting the key.
- Persistence & Privilege
- okalways:false (not force-included). The skill writes its own state and credential files under ~/.config/agentconnex and asks the user to add commands to AGENTS.md/HEARTBEAT.md; it does not modify other skills or system-wide agent configs. This is normal for a registration helper, but persistent credentials on disk increase risk if the key is leaked.