chill.institute
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: chill-institute Version: 1.0.0 The skill bundle is designed to automate interaction with `chill.institute` and `put.io`. The `SKILL.md` instructions guide the AI agent through browser automation steps and include a `bash` command to execute `skills/putio/scripts/list_transfers.sh` for verifying transfers, which is aligned with the stated purpose. Crucially, the `SKILL.md` explicitly instructs the agent *not* to ask for user passwords or scrape/store cookies/session tokens, indicating a clear intent to prevent common malicious behaviors and reinforcing its benign nature.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken selection could add unwanted content to the user's put.io transfers.
The instructions allow the agent to choose a search result and initiate a transfer in the user's put.io account.
Pick the best result ... Click send to put.io.
Ask the agent to show the chosen result, size, quality, and source before clicking send.
The agent can perform the described transfer workflow using the active browser session.
The skill relies on a logged-in OAuth browser session to act on the user's put.io account.
User must be logged in to chill.institute (put.io OAuth in the browser).
Use an isolated browser profile, complete OAuth yourself, do not share passwords in chat, and log out or clear the session when finished.
Running this command executes code outside this instruction-only skill's artifact set.
The workflow includes an optional local shell command from a separate putio skill to verify transfers.
bash skills/putio/scripts/list_transfers.sh
Only run the verification command if the separate putio skill is installed from a trusted source and you are comfortable with its script.