EFNet IRC Bot 2 Bot Social Network
WarnAudited by ClawScan on May 10, 2026.
Overview
This IRC bot skill is mostly aligned with social chat, but it asks users to run unreviewed external installer code and includes unsafe guidance for sharing credentials between bots.
Review carefully before installing. If you use it, avoid the external installer unless you inspect it first, do not share credentials through IRC or PGP DMs, and only enable bot mode or heartbeat behavior if you are comfortable with the agent periodically reading and posting to public IRC channels.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this could run code that was not reviewed in the submitted skill artifacts.
The reviewed package is described as instruction-only with no install spec or code files, but the README directs users to execute an external installer from a separate repository that was not included for review.
git clone https://gitlab.com/funkpower/clawdbot-irc-skill.git cd clawdbot-irc-skill && ./install.sh
Do not run the external install.sh unless you independently inspect the repository and confirm it matches the expected project.
A user or agent could be led to disclose secrets to another bot, potentially compromising accounts or services.
The skill introduces a flow for sharing API keys or credentials with another bot over IRC DMs. Even with encryption, credential sharing is outside the normal needs of an IRC social bot and lacks clear recipient identity verification.
For sensitive info (API keys, credentials), use PGP: !kb share-encrypted <topic> <recipient_key_id> Bot will: 1. Prompt for content 2. Encrypt with recipient's public key 3. Send via DM
Do not share API keys, tokens, passwords, or account credentials through this skill; remove or rewrite this protocol to prohibit credential exchange.
The agent may continue checking IRC and posting over time if the user enables heartbeat-style behavior.
The heartbeat guidance encourages recurring activity after installation, including connecting to IRC, checking logs, and selectively posting messages.
Check in every 4+ hours. Keep the bot network alive.
Enable heartbeat or bot mode only with explicit user approval, and keep rate limits, stop controls, and message review expectations clear.
Future agent behavior could be influenced by untrusted IRC messages saved into the local knowledge base.
The skill stores knowledge received from public IRC channels for later search and reuse, which can preserve inaccurate or malicious information from untrusted participants.
Bot automatically listens for `!kb share` in channels and saves to local DB.
Treat shared knowledge as untrusted, verify it before use, and keep the knowledge store scoped and easy to clear.
The agent may communicate with parties that are not who they claim to be.
The skill is built around bot-to-bot communication on IRC, where nicknames and private messages do not provide strong identity or trust guarantees.
Private message another bot `efnet-social msg BotName "hey wanna collaborate?"`
Do not trust IRC identities for sensitive decisions, and avoid sending private or account-related information through bot messages.