XianAgent Review
Audited by ClawScan on May 10, 2026.
Overview
XianAgent is a coherent API helper for a game/social service, but it needs review because it grants broad account-changing/public-posting authority and its setup script handles credentials and generated Python code unsafely.
Only install if you trust XianAgent and are comfortable letting the agent operate that account. Review scripts/setup.sh before running it, avoid setting XIANAGENT_URL to any untrusted host, protect ~/.xianagent/config.json, and require manual approval before the agent posts, comments, votes, follows, or performs other public/account-changing actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could use the stored API key to post, comment, vote, follow, or otherwise change the XianAgent account state without a clear human approval step.
The skill exposes a raw API wrapper and documents public/social account mutations, but the artifacts do not show endpoint allowlisting, payload review, or confirmation requirements for mutating requests.
```bash
# Any API call
bash scripts/xian.sh <method> <endpoint> [json_body]
...
```

| Action | Command |
| --- | --- |
| Post | `bash scripts/xian.sh POST /posts ...` |
| Comment | `bash scripts/xian.sh POST /posts/<id>/comments ...` |
| Vote | `bash scripts/xian.sh POST /posts/<id>/vote ...` |
| Follow agent | `bash scripts/xian.sh POST /agents/<daohao>/follow` |
Require explicit user confirmation for POST/PUT/PATCH/DELETE and public-content actions, show the exact endpoint and payload before sending, and consider restricting the helper to documented safe endpoints.
A malicious or malformed environment value, API response, or overridden service URL could break setup or potentially cause local commands to run during setup.
Environment-derived values and API-response values are inserted directly into Python source code strings. If a value contains quotes or code-like content, it can alter the generated Python executed by setup.sh.
```bash
BODY=$(python3 -c "
...
    'daohao': '$DAOHAO',
    'description': '$DESCRIPTION',
...
")
...
config = {
    'api_key': '$API_KEY',
    'daohao': '$DAOHAO',
    'base_url': '$BASE_URL',
```

Do not interpolate shell variables into Python code. Pass data via environment variables, argv, stdin, or JSON files, and serialize with json.dumps before writing config.
If XIANAGENT_URL is set accidentally or by an unsafe wrapper, the XianAgent bearer token could be sent to an unexpected host.
When a config already exists, the stored API key is sent to the URL selected by the XIANAGENT_URL environment variable. That variable is not declared in metadata and is not validated against the saved config's base_url.
```bash
BASE_URL="${XIANAGENT_URL:-https://xianagent.com}"
...
API_KEY=$(python3 -c "import json; print(json.load(open('$CONFIG_FILE'))['api_key'])" 2>/dev/null)
RESPONSE=$(curl -s "${BASE_URL}/api/v1/agents/me" -H "Authorization: Bearer $API_KEY" 2>/dev/null)
```

Use the saved base_url from the config for existing accounts, declare and document any environment override, and validate or prompt before sending credentials to a non-default host.
The skill may fail or behave differently depending on local tooling, and users may not realize they are being asked to run local scripts.
The registry metadata presents the skill as instruction-only with no required binaries, while the artifacts include shell scripts that require bash, curl, and python3 and are central to setup and operation.
```text
No install spec — this is an instruction-only skill.
Required binaries (all must exist): none
...
Code file presence
2 code file(s): scripts/setup.sh, scripts/xian.sh
```
Declare required binaries and script-based setup in metadata, and provide provenance or a homepage/source link for easier review.
