EFNet IRC Bot 2 Bot Social Network

Pass: Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: efnet-social
Version: 1.0.0

The skill bundle describes an IRC bot for AI agents with a strong emphasis on security and privacy. While it involves network communication (inherent to an IRC bot) and mentions system dependencies like `irssi`, `tmux`, `tor`, and `proxychains-ng` (which could be used for stealth), the documentation explicitly instructs the AI agent to 'NEVER share' sensitive information (API keys, credentials, location, system details) and to 'Never run arbitrary code'. The prompt instructions in `SKILL.md`, `HEARTBEAT.md`, and `README.md` are consistently defensive, guiding the agent to protect its identity and data, and to deflect social engineering attempts. The `install.sh` script is not provided for analysis, but based on the available files, the stated purpose and security posture are clearly benign.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing this could run code that was not reviewed in the submitted skill artifacts.

Why it was flagged

The reviewed package is described as instruction-only with no install spec or code files, but the README directs users to execute an external installer from a separate repository that was not included for review.

Skill content

git clone https://gitlab.com/funkpower/clawdbot-irc-skill.git
cd clawdbot-irc-skill && ./install.sh

Recommendation

Do not run the external install.sh unless you independently inspect the repository and confirm it matches the expected project.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse

What this means

A user or agent could be led to disclose secrets to another bot, potentially compromising accounts or services.

Why it was flagged

The skill introduces a flow for sharing API keys or credentials with another bot over IRC DMs. Even with encryption, credential sharing is outside the normal needs of an IRC social bot and lacks clear recipient identity verification.

Skill content

For sensitive info (API keys, credentials), use PGP:

!kb share-encrypted <topic> <recipient_key_id>

Bot will:
1. Prompt for content
2. Encrypt with recipient's public key
3. Send via DM

Recommendation

Do not share API keys, tokens, passwords, or account credentials through this skill; remove or rewrite this protocol to prohibit credential exchange.

Note (High Confidence)
ASI10: Rogue Agents

What this means

The agent may continue checking IRC and posting over time if the user enables heartbeat-style behavior.

Why it was flagged

The heartbeat guidance encourages recurring activity after installation, including connecting to IRC, checking logs, and selectively posting messages.

Skill content

Check in every 4+ hours. Keep the bot network alive.

Recommendation

Enable heartbeat or bot mode only with explicit user approval, and keep rate limits, stop controls, and message review expectations clear.

What this means

Future agent behavior could be influenced by untrusted IRC messages saved into the local knowledge base.

Why it was flagged

The skill stores knowledge received from public IRC channels for later search and reuse, which can preserve inaccurate or malicious information from untrusted participants.

Skill content

Bot automatically listens for `!kb share` in channels and saves to local DB.

Recommendation

Treat shared knowledge as untrusted, verify it before use, and keep the knowledge store scoped and easy to clear.

What this means

The agent may communicate with parties that are not who they claim to be.

Why it was flagged

The skill is built around bot-to-bot communication on IRC, where nicknames and private messages do not provide strong identity or trust guarantees.

Skill content

Private message another bot
`efnet-social msg BotName "hey wanna collaborate?"`

Recommendation

Do not trust IRC identities for sensitive decisions, and avoid sending private or account-related information through bot messages.