Flux
Security checks across malware telemetry and agentic risk
Overview
Flux appears to be a legitimate shared-state integration, but it stores agent data persistently and can use powerful tokens for deletion or admin changes.
Install this only if you intend agents to coordinate through Flux. Use a namespace-scoped FLUX_TOKEN, avoid setting FLUX_ADMIN_TOKEN unless you need admin changes, confirm delete or batch-delete actions before running them, and do not publish secrets or sensitive private data to shared Flux state.
VirusTotal
66/66 vendors reported this skill as clean (no detections).
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not work unless curl is available, and users should understand it makes HTTP requests to the configured Flux service.
The skill’s own documentation says curl is required, while the registry requirements list no required binaries. This is an under-declared but disclosed setup dependency, not hidden behavior.
2. **curl** installed (required)
Declare curl as a required binary in metadata and review the included script before using it.
If used carelessly, an agent could remove shared Flux entities or change runtime settings on the configured Flux instance.
The CLI exposes batch deletion of state entities and admin configuration updates. These are disclosed management features, but they are higher-impact than simple publish/query operations.
batch-delete) ... api_call POST "/api/state/entities/delete" "$filter" ... admin-config) ... curl -s -X PUT "${FLUX_URL}/api/admin/config"
Require explicit user confirmation for delete, batch-delete, and admin-config updates; use narrow namespace filters and least-privilege tokens.
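The guard below is an added example, not code from the Flux skill or from the ClawScan report. It implements the recommendations of this finding and the curl finding above in POSIX shell: the destructive actions are refused unless the filter pins one concrete namespace, an explicit confirmation is given, and admin-config is only attempted when FLUX_ADMIN_TOKEN is set (it never falls back to FLUX_TOKEN); curl is checked for before any real request. The endpoint paths and the FLUX_URL, FLUX_TOKEN and FLUX_ADMIN_TOKEN variables come from the snippet; the Authorization: Bearer header, the FLUX_CONFIRM and FLUX_DRY_RUN switches, the exit codes, and the sample filter JSON are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the Flux skill's own code. Assumed from the ClawScan snippet:
# POST /api/state/entities/delete, PUT /api/admin/config, FLUX_URL/FLUX_TOKEN/
# FLUX_ADMIN_TOKEN. Assumed here (not on the page): bearer auth via an Authorization
# header, and the hypothetical FLUX_CONFIRM and FLUX_DRY_RUN switches.

# 0 if the filter JSON pins one concrete namespace; 1 for missing, empty or wildcard.
flux_filter_is_scoped() {
  filter=$1
  case "$filter" in
    *'"namespace"'*) ;;
    *) return 1 ;;
  esac
  ns=$(printf '%s' "$filter" |
    sed -n 's/.*"namespace"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$ns" ] || return 1
  case "$ns" in
    '*'|'**') return 1 ;;
  esac
  return 0
}

# Explicit confirmation: FLUX_CONFIRM=yes for scripted runs, or a typed "yes" on a tty.
flux_confirm() {
  [ "${FLUX_CONFIRM:-}" = "yes" ] && return 0
  if [ -t 0 ]; then
    printf 'Run %s against %s? Type yes to continue: ' "$1" "${FLUX_URL:-<unset>}" >&2
    read -r answer
    [ "$answer" = "yes" ] && return 0
  fi
  echo "refusing $1: no explicit confirmation" >&2
  return 1
}

# Send the request with the token the caller chose. FLUX_DRY_RUN=1 records the
# request in FLUX_LAST_REQUEST instead of sending it (also used for offline testing).
flux_call() {
  method=$1 path=$2 token=$3 body=$4
  FLUX_LAST_REQUEST="$method ${FLUX_URL}${path}"
  if [ "${FLUX_DRY_RUN:-0}" = "1" ]; then
    echo "dry-run: $FLUX_LAST_REQUEST" >&2
    return 0
  fi
  command -v curl >/dev/null 2>&1 || { echo "curl is required but not installed" >&2; return 5; }
  curl -sS -f -X "$method" "${FLUX_URL}${path}" \
    -H "Authorization: Bearer $token" \
    -H 'Content-Type: application/json' \
    --data "$body"
}

# Exit codes: 1 bad usage, 2 unscoped filter, 3 not confirmed, 4 admin token missing.
flux_guarded() {
  action=$1 arg=$2
  [ -n "${FLUX_URL:-}" ] && [ -n "${FLUX_TOKEN:-}" ] || { echo "FLUX_URL and FLUX_TOKEN must be set" >&2; return 1; }
  case "$action" in
    batch-delete)
      flux_filter_is_scoped "$arg" || { echo "refusing batch-delete: filter must pin a single namespace" >&2; return 2; }
      flux_confirm "batch-delete $arg" || return 3
      flux_call POST /api/state/entities/delete "$FLUX_TOKEN" "$arg"
      ;;
    admin-config)
      # Only the admin token may change runtime config; refuse rather than reuse FLUX_TOKEN.
      [ -n "${FLUX_ADMIN_TOKEN:-}" ] || { echo "refusing admin-config: FLUX_ADMIN_TOKEN not set in this session" >&2; return 4; }
      flux_confirm "admin-config" || return 3
      flux_call PUT /api/admin/config "$FLUX_ADMIN_TOKEN" "$arg"
      ;;
    *)
      echo "usage: flux_guarded batch-delete '<filter-json>' | admin-config '<config-json>'" >&2
      return 1 ;;
  esac
}
```

Typical use is `FLUX_TOKEN=... flux_guarded batch-delete '{"namespace":"team-a","type":"note"}'` from an interactive shell, which prompts before sending; an agent-driven run without a tty is refused unless the operator has deliberately exported FLUX_CONFIRM=yes for that one command. The namespace check is a plain string match on the filter JSON, which is enough to stop an empty or wildcard filter but not a substitute for a token that is itself scoped to the namespace on the Flux side.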
A session with FLUX_ADMIN_TOKEN can update Flux runtime configuration, and FLUX_TOKEN authorizes access to the configured Flux namespace or instance.
The skill requires a bearer token and optionally supports an admin token. This is expected for the Flux API integration, but the admin token grants broader authority.
"requires": { "env": ["FLUX_TOKEN"] }, "primaryEnv": "FLUX_TOKEN", "optionalEnv": ["FLUX_URL", "FLUX_ADMIN_TOKEN"]
Use least-privilege Flux tokens, store them securely, and only set FLUX_ADMIN_TOKEN in sessions that truly need admin configuration changes.
Information published to Flux may persist and influence other agents later; incorrect or malicious observations could be treated as canonical state.
The core design is persistent shared state reused by agents. This is disclosed and purpose-aligned, but shared memory can carry sensitive data or untrusted observations forward.
Flux is a persistent, shared, event-sourced world state engine. Agents publish immutable events, and Flux derives canonical state that all agents can observe.
Do not publish secrets or private data unless intended, use namespace isolation, validate important state before acting on it, and define cleanup or retention practices.
