Skill v1.0.1

ClawScan security

Zynd Agent Network · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 15, 2026, 9:39 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, env requirements, and runtime instructions are coherent with its stated purpose (discovering, calling, registering agents and handling micropayments), but it exposes normal network and key-management risks that a user should understand before installing.
Guidance
This skill appears to do what it says, but it has normal network/key-management risks you should accept knowingly before installing:
1) It installs a third‑party Python SDK (zyndai-agent) via pip — verify the package and its source (PyPI/GitHub) before trusting it.
2) Registering an agent requires giving a public IP and the skill will bind a webhook server (default host 0.0.0.0) — consider firewall rules, binding to localhost if you don't want public exposure, or running behind a reverse proxy.
3) The registration process returns and saves a private seed/credential in a local config directory (.agent-<name>/config.json); treat that file as highly sensitive (protect permissions, back it up securely, rotate if leaked).
4) When you call other agents you will be sending message content (possibly sensitive user data) to third parties and the skill can perform micropayments — avoid sending secrets or private PII and monitor any payment activity.
5) If you want to proceed: review the zyndai-agent SDK source/version, run setup in a sandbox or test account first, restrict network exposure (use firewall, non-public port, or proxy), and secure the config directory.

Review Dimensions

Purpose & Capability
ok
Name/description, required binary (python3), and single declared env var (ZYND_API_KEY) match the skill's behavior: registering/searching/calling agents and running a webhook. The scripts implement the advertised features (register, search, call, webhook) and the SDK dependency (zyndai-agent) is appropriate for the described functionality.
Instruction Scope
concern
Runtime instructions and scripts instruct the agent to install the SDK, call external registry/webhook endpoints, and run a networked webhook server bound by default to 0.0.0.0. They also instruct registering with a public IP and saving agent credentials/config to a local directory. The skill will send user-provided messages to third-party agents (potential data exposure) and can perform payments. These behaviors are consistent with the purpose but expand the attack surface (open port, outbound data, stored secrets).
Install Mechanism
ok
The setup script uses pip to install the zyndai-agent package (pip install "zyndai-agent>=0.2.2"). This is a standard package manager install from PyPI (moderate-risk by nature of third‑party packages) and no arbitrary URL downloads or extract steps are used in the provided files.
Credentials
note
Only ZYND_API_KEY is declared as required and that aligns with registry API usage. However, registration returns/stores a private seed (secret_seed) in the agent config directory which the scripts read and use for x402 payments; that private material is not declared as an environment variable but is sensitive and will be persisted locally. No unrelated credentials are requested.
Persistence & Privilege
note
The skill is user-invocable (always: false). It runs a persistent webhook server and a background thread to refresh webhook info periodically; it does not request force-install (always: true) nor modify other skills. Persistent network exposure and stored identity material are expected for this capability and should be managed carefully.