sherry-bbs
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: sherry-bbs
Version: 2.0.0
The skill bundle implements an automated forum bot for 'sherry.hweyukd.top' using several high-risk patterns. Most notably, 'install-skills.sh' installs via a 'curl | bash' pattern, and 'setup-crons.sh' automatically registers persistent tasks via 'openclaw cron add' that inject complex instructions and persona-altering prompts into the agent's execution environment. While these capabilities are consistent with the stated goal of forum engagement, the combination of remote script execution, automated persistence, and an instruction to 'be slightly controversial' is a significant security risk and a source of unintended agent behavior; no clear evidence of intentional malice or data exfiltration was identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could run code from the forum domain that has changed since review, including code that creates credentials and scheduled jobs.
The installer downloads skill files, including executable setup scripts, from a remote base URL and then runs setup.sh. This means the installed behavior can differ from the reviewed artifacts unless the user verifies the remote content.
FILES=("SKILL.md" "HEARTBEAT.md" "RULES.md" "setup.sh" "setup-crons.sh" "smoke-test.sh") ... curl -fsSL "${REMOTE_BASE}/${file}" ... bash ./setup.sh
Avoid curl-to-bash installation for this skill: review the exact downloaded scripts, pin a known version or checksum, and run setup manually only after inspection.
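The pinned-checksum alternative to the installer's fetch-and-run loop, as an added example that is not code from the sherry-bbs skill or the ClawScan report. It stages the same six files, compares each against a SHA-256 manifest the user recorded from a reviewed copy, and refuses to proceed on any mismatch; it never runs setup.sh itself. The manifest contents, the local stand-in for REMOTE_BASE, and the file contents used below are constructed so the example runs offline (a real run would point install_pinned at the https base URL).

```shell
#!/bin/sh
# Added example (not part of the sherry-bbs skill). Replaces
#   curl -fsSL "${REMOTE_BASE}/${file}" ... bash ./setup.sh
# with fetch -> verify against a pinned SHA-256 manifest -> stop for review.
set -eu

# Same file list the installer fetches (POSIX list instead of a bash array).
FILES="SKILL.md HEARTBEAT.md RULES.md setup.sh setup-crons.sh smoke-test.sh"

# sha256_of FILE: hex digest (GNU coreutils, with a shasum fallback).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
    awk '{print $1}'
}

# fetch_file BASE NAME DEST: curl for http(s) bases; a local directory
# stands in for the remote base so the example can run offline.
fetch_file() {
  case "$1" in
    http://*|https://*) curl -fsSL "$1/$2" -o "$3" ;;
    *) cp "$1/$2" "$3" ;;
  esac
}

# verify_staged DIR MANIFEST: 0 only if every file in FILES has a manifest
# entry ("<hex>  <name>", sha256sum -c style) and matches it.
verify_staged() {
  dir=$1; manifest=$2; rc=0
  for f in $FILES; do
    want=$(awk -v n="$f" '$2 == n {print $1}' "$manifest")
    have=$(sha256_of "$dir/$f")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
      echo "MISMATCH or unpinned: $f" >&2
      rc=1
    fi
  done
  return $rc
}

# install_pinned BASE MANIFEST: fetch everything into a staging directory and
# verify it. On success it tells the user where to inspect the files and how
# to run setup.sh manually; it deliberately does not execute anything fetched.
install_pinned() {
  base=$1; manifest=$2
  stage=$(mktemp -d)
  for f in $FILES; do
    fetch_file "$base" "$f" "$stage/$f"
  done
  if verify_staged "$stage" "$manifest"; then
    echo "verified against $manifest; inspect $stage, then: bash $stage/setup.sh"
    return 0
  fi
  echo "refusing to continue: remote content differs from the pinned manifest" >&2
  return 1
}
```

To produce the manifest, hash a copy of the files you have actually read (for example `sha256sum SKILL.md HEARTBEAT.md RULES.md setup.sh setup-crons.sh smoke-test.sh > MANIFEST.sha256`) and keep it with the pinned version; any later change on the remote side, including a modified setup-crons.sh, then fails verification instead of running.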
The agent may keep operating in the background and interact with the forum after the initial setup is complete.
Running setup can automatically install recurring background jobs for forum engagement, creating persistence beyond a single user-invoked task.
# Auto-create cron jobs for forum engagement ... bash "${SCRIPT_DIR_FOR_CRON}/setup-crons.sh"
Do not run setup.sh unless you want persistent scheduled activity; inspect existing jobs with openclaw cron list and remove unwanted Sherry BBS jobs.
The bot could publish public content, comment on other posts, or mark notifications read in ways the user did not individually approve.
The scheduled jobs authorize public comments and daily posts under the bot account without requiring human review for each post or comment.
--message "Browse Sherry Forum and engage with interesting content... leave a thoughtful comment" ... --message "Post a new article to Sherry Forum."
Require explicit user confirmation before public posts/comments, or disable the automated cron jobs and use the API only for user-directed actions.
Anyone or any process that can view the cron job configuration or scheduled prompt may gain the forum API key and act as the bot account.
The full API key is inserted directly into cron job messages, which can persist in scheduler configuration, be shown by job listings, or appear in scheduled agent context despite the SKILL.md rule not to print full API keys.
API Key: ${API_KEY}
Do not embed the API key in cron prompts; use a secret store or have scheduled jobs read the key from a protected file at runtime, and avoid displaying it in logs or job listings.
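The recommended handling in working form, as an added example that is not code from the sherry-bbs skill or the ClawScan report: the key is written to an owner-only file, the scheduled prompt names that file instead of carrying the secret, and a small check confirms that neither a drafted prompt nor saved `openclaw cron list` output contains the literal key. The key value, file paths and prompt wording are constructed for the example; the check makes no assumption about the listing format beyond it being text.

```shell
#!/bin/sh
# Added example (not part of the sherry-bbs skill). Alternative to passing
#   --message "... API Key: ${API_KEY}"
# to `openclaw cron add`: keep the secret out of the prompt entirely.
set -eu

# store_key KEYFILE KEY: create the file with owner-only permissions (the
# umask is scoped to a subshell), then re-assert 0600 in case it pre-existed.
store_key() {
  ( umask 077; printf '%s\n' "$2" > "$1" )
  chmod 600 "$1"
}

# key_file_mode KEYFILE: octal permission bits (GNU stat, BSD stat fallback).
key_file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# safe_cron_message KEYFILE: the prompt to hand to `openclaw cron add`.
# It references the protected file; the agent reads the key at runtime.
safe_cron_message() {
  printf 'Browse Sherry Forum and engage with interesting content. Read the API key from %s at runtime and never print it.\n' "$1"
}

# contains_key KEYFILE TEXTFILE: exit 0 if the literal key appears in TEXTFILE.
# Run it against a drafted prompt before scheduling it, or against
# `openclaw cron list > jobs.txt` to find jobs that already embed the key.
contains_key() {
  key=$(cat "$1")
  grep -qF -- "$key" "$2"
}
```

If contains_key succeeds on the saved job listing, the affected job's prompt (and any scheduler state that stored it) already exposes the key; remove the job, rotate the key on the forum side, and re-add the job with a prompt like the one safe_cron_message builds.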
