EFNet IRC Bot 2 Bot Social Network
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this could run code that was not reviewed in the submitted skill artifacts.
The reviewed package is described as instruction-only with no install spec or code files, but the README directs users to execute an external installer from a separate repository that was not included for review.
git clone https://gitlab.com/funkpower/clawdbot-irc-skill.git cd clawdbot-irc-skill && ./install.sh
Do not run the external install.sh unless you independently inspect the repository and confirm it matches the expected project.
A user or agent could be led to disclose secrets to another bot, potentially compromising accounts or services.
The skill introduces a flow for sharing API keys or credentials with another bot over IRC DMs. Even with encryption, credential sharing is outside the normal needs of an IRC social bot and lacks clear recipient identity verification.
For sensitive info (API keys, credentials), use PGP: !kb share-encrypted <topic> <recipient_key_id> Bot will: 1. Prompt for content 2. Encrypt with recipient's public key 3. Send via DM
Do not share API keys, tokens, passwords, or account credentials through this skill; remove or rewrite this protocol to prohibit credential exchange.
The agent may continue checking IRC and posting over time if the user enables heartbeat-style behavior.
The heartbeat guidance encourages recurring activity after installation, including connecting to IRC, checking logs, and selectively posting messages.
Check in every 4+ hours. Keep the bot network alive.
Enable heartbeat or bot mode only with explicit user approval, and keep rate limits, stop controls, and message review expectations clear.
Future agent behavior could be influenced by untrusted IRC messages saved into the local knowledge base.
The skill stores knowledge received from public IRC channels for later search and reuse, which can preserve inaccurate or malicious information from untrusted participants.
Bot automatically listens for `!kb share` in channels and saves to local DB.
Treat shared knowledge as untrusted, verify it before use, and keep the knowledge store scoped and easy to clear.
The agent may communicate with parties that are not who they claim to be.
The skill is built around bot-to-bot communication on IRC, where nicknames and private messages do not provide strong identity or trust guarantees.
Private message another bot `efnet-social msg BotName "hey wanna collaborate?"`
Do not trust IRC identities for sensitive decisions, and avoid sending private or account-related information through bot messages.