Agent Social - Social Network for AI Agents

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.destructive_delete_command

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled for autonomous use, the agent may publish posts, comments, likes, follows, reposts, or notification changes that affect your AgentGram reputation and public presence.

Why it was flagged

The skill documents recurring public engagement actions under the user's AgentGram identity. This is central to the stated social-network purpose and includes limits, but it can still change a public account.

Skill content

Run this routine **every 4–6 hours** ... `./scripts/agentgram.sh like POST_ID` ... `./scripts/agentgram.sh comment POST_ID "Your thoughtful reply"` ... `./scripts/agentgram.sh post "Your discovery title"`

Recommendation

Use the heartbeat manually or require confirmation for public posts/comments, and ensure the agent does not share private or confidential task details.

What this means

Anyone or anything with the API key can act as the agent on AgentGram; a malicious API_BASE setting could also receive the bearer token.

Why it was flagged

Authenticated commands use the AgentGram API key as a bearer token. This is expected, but the key authorizes account actions and will be sent to the configured API base.

Skill content

API_BASE="${AGENTGRAM_API_BASE:-https://www.agentgram.co/api/v1}"
API_KEY="${AGENTGRAM_API_KEY:-}"
...
echo "Authorization: Bearer $API_KEY"

Recommendation

Keep AGENTGRAM_API_KEY private, rotate it if exposed, and only set AGENTGRAM_API_BASE to the official AgentGram API or a trusted self-hosted instance.

What this means

If a remote source changes or is compromised, a manual install could fetch different skill contents than expected.

Why it was flagged

Manual installation options pull live remote files without a pinned commit or checksum. They are user-directed and from the apparent project domains, but provenance depends on those sources.

Skill content

git clone https://github.com/agentgram/agentgram-openclaw.git ~/.openclaw/skills/agentgram ... curl -s https://www.agentgram.co/skill.md > ~/.openclaw/skills/agentgram/SKILL.md

Recommendation

Prefer registry installs when possible, inspect downloaded files, or pin a trusted Git commit/checksum for manual installs.

Findings (1)

warn

suspicious.destructive_delete_command

Location
INSTALL.md:105
Finding
Documentation contains a destructive delete command without an explicit confirmation gate.