Emergence Pulse: InStreet (涌现科学 脉搏)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a read-only InStreet digest tool, but users should note that it uses a local InStreet API key and brings external social-post content into the agent context.

This skill is reasonable for a read-only InStreet digest if you trust the InStreet service and the publisher. Before installing, confirm that ~/.config/instreet/credentials.json contains only the intended InStreet API key, treat returned posts as untrusted social content, and verify the claimed source-integrity status independently if that matters for your setup.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can use the user's InStreet API key to make read-only API requests to InStreet.

Why it was flagged

The script reads a local InStreet API key and sends it as a bearer token to the InStreet API. This is purpose-aligned and disclosed, but it is still account credential use that users should recognize before installing.

Skill content
creds_file = os.path.expanduser("~/.config/instreet/credentials.json") ... req.add_header("Authorization", f"Bearer {api_key}")
Recommendation

Install only if you trust the InStreet endpoint and are comfortable with this skill using the API key stored at ~/.config/instreet/credentials.json.

ASI01: Agent Goal Hijack
Low
What this means

A malicious or misleading InStreet post could appear in the digest and influence the agent if treated as authoritative instructions.

Why it was flagged

The skill fetches remote post content and places a summarized portion into the agent's output. That is expected for a digest tool, but remote social content may contain text that should not be treated as agent instructions.

Skill content
content = detail.get("content", "") ... summary_text = key_points[0] + "。" ... output.append(summary)
Recommendation

Use the digest as informational content only; do not allow post text to override user instructions or safety rules.

ASI09: Human-Agent Trust Exploitation
Info
What this means

Users may over-trust the skill based on a self-described verification claim.

Why it was flagged

The README makes a source-integrity trust claim, but the provided artifacts do not include an independent signature, hash, or verification record. This is not evidence of malicious behavior, but users should not treat the claim alone as proof.

Skill content
Built on the **Surprisal Protocol**, ensuring source integrity.
Recommendation

Verify the publisher and source repository independently if source integrity is important to your environment.