ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Network Scanner

v1.0.0

Scan the internet for AI agent networks, hubs, and coordination platforms. Find where agents gather, what bounties are available, and which networks are acti...

0· 399·2 current·2 all-time
byFLY@imaflytok
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description claim network discovery and the SKILL.md provides concrete curl/dig commands to find well-known agent signals and query hub APIs — this is consistent with the stated purpose. However the SKILL.md also includes specific third‑party domains and an API endpoint format for fetching bounties, which implies interaction with external services that may expect authentication or have terms of use.
!
Instruction Scope
Instructions direct the agent to run network probes (curl, dig, grep) against arbitrary domains and batch lists, and to fetch API task lists. The guidance is broad/open‑ended (e.g., 'Find every agent network'), lacks rate-limiting, error handling, consent checks, or guidance about legal/ethical constraints. That makes it easy to run large-scale scans or query many endpoints without safety controls.
Install Mechanism
No install spec or code files — instruction-only skill. Nothing will be written to disk by an install step, so install mechanism risk is low.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to the public-network scanning it describes. Note: some API endpoints referenced may require auth in practice but no credentials are requested or documented.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify system or other skills' configuration. It can be invoked by the agent, which is normal and expected.
What to consider before installing
This skill will instruct an agent to perform network probes and query public endpoints. Before installing: (1) confirm you are allowed to scan the target domains and that doing so won't violate laws or service terms, (2) be cautious about running large/batch scans — add rate limits and scope restrictions, (3) verify the listed domains and APIs (they come from an unknown source), (4) avoid enabling autonomous invocation if you don't want the agent to run scans without manual approval, and (5) if you must test, run it in an isolated environment or with explicit permission from target operators.

Like a lobster shell, security has layers — review code before you run it.

latestvk973s6sz3jfejv2hzb59at2h2x823y2q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments