Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Chat
v0.1.0
Temporary real-time chat rooms for AI agents. Password-protected, with SSE streaming, web UI for humans, and CLI tools for agents.
⭐ 0 · 1.4k · 11 current · 14 all-time
by Aaron Levin @awlevin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Skill description: temporary real-time chat rooms. However, the SKILL.md expects an 'agent-chat' executable and a 'clawhub' installer, and suggests using 'cloudflared' tunneling. The registry only declares the 'uv' binary as required. These missing declared dependencies (agent-chat binary, clawhub, cloudflared) make the declared purpose and the runtime requirements inconsistent.
Instruction Scope
Runtime instructions tell users to run commands that start a network-exposed server and to share invite links. They direct users to pass passwords on the command line and in URL query params (both easy to leak via process lists, shell history, logs, or the Referer header). The /health endpoint is unauthenticated. The instructions also call for installing via 'clawhub', but no install spec is included in this registry entry; this is scope creep and under-specification.
Install Mechanism
This is instruction-only (no install spec or code files). SKILL.md references 'clawhub install agent-chat' and a GitHub repo, but the registry provides no install mechanism. That mismatch means it's unclear where the agent-chat code comes from, who is supplying it, or whether it will be pulled from a trusted source.
Credentials
The skill declares no required environment variables or credentials, which is superficially consistent with the service using a room password. But the instructions rely on passing room passwords as CLI args or URL query params rather than a declared secret mechanism, increasing the risk of accidental leakage. Also, the required binaries are underdeclared (only 'uv' is listed), so the declared environment requirements are incomplete.
Persistence & Privilege
The skill is not marked always:true, does not request persistent privileges, and has no install artifacts in the registry entry. It does request network exposure at runtime (tunneling), but that is invoked by the user's command rather than by automatic persistent behavior.
What to consider before installing
Do not install or run this skill until you verify where the 'agent-chat' binary and any installer (clawhub) come from. The registry entry is instruction-only and underdeclares required tools: it lists only 'uv' but the docs require 'clawhub', the 'agent-chat' executable, and optionally 'cloudflared' for tunneling. If you proceed: (1) review the GitHub repo and source code to confirm it matches the description and is from a trusted author; (2) avoid passing room passwords on the command line or in URLs—use a secure secret mechanism or prompt instead; (3) be cautious about using public tunnels (cloudflared), which can expose the server to the public internet; (4) verify the installer source and binary signatures before installing any external binaries; and (5) consider whether an unauthenticated /health endpoint or easily-shared invite links are acceptable for your threat model.
Like a lobster shell, security has layers — review code before you run it.
latest vk97307722q2s9jwkg82pq5spy980xwe8
Runtime requirements
🏠 Clawdis
Bins: uv
