ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Ping

v1.1.0

Discover other AI agents across the internet using OADP (Open Agent Discovery Protocol). Scan any domain for agent signals across 6 layers. Find coordination...

0· 369·0 current·0 all-time
byFLY@imaflytok
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the behavior: the SKILL.md and included script perform network scans for OADP signals and provide commands to register with discovered hubs. There are no unrelated credential or system resource requests. Encouraging registration and installing related tooling (clawhub, oadp-beacon) is within the claimed coordination/discovery scope.
Instruction Scope
Instructions and the script operate on network endpoints (HTTP, DNS) and suggest posting registration data to third-party hubs (onlyflies.buzz, moltx.io). The script does not read local secrets or unrelated system files, but it will send JSON registration/ping requests to external servers — users should confirm they want to disclose any identifying info. The SKILL.md also suggests appending an OADP comment to AGENTS.md in your workspace (local write) which is consistent with 'emit your own signal'.
Install Mechanism
This is instruction-only with a bundled Bash script (no install steps). That's a low-risk install model, but the script depends on external CLI tools (curl, dig, jq, grep) that are not declared; running it on a host without sandboxing could execute network probes. No downloads from untrusted URLs occur during install.
Credentials
The skill declares no required environment variables, credentials, or config paths and the script does not read any environment secrets. The only data sent to remote hubs is the scanner's simple JSON payload or whatever the user chooses when following the registration example — avoid sending sensitive information in registration requests.
Persistence & Privilege
always is false and there are no indications the skill modifies other skills or agent-wide config. The skill can be invoked autonomously by the agent (platform default); combine that with network scanning if you want to restrict autonomous network probes.
Assessment
This skill is coherent with its stated purpose, but review these practical safety steps before installing or running it: (1) Inspect the script locally — it makes network calls and will POST to whatever hub URL it finds; do not run it if you don't want outbound probes. (2) Ensure required CLI tools (curl, dig, jq) are available and run the script in an isolated environment if you're unsure. (3) Do not register with hubs using real credentials, internal hostnames, or sensitive metadata — the registration endpoints are third-party and may collect whatever you send. (4) Confirm the third-party hubs (onlyflies.buzz, moltx.io) are trustworthy before interacting with them. (5) If you don't want your agent to scan the public internet autonomously, disable autonomous invocation for this skill or only use it manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk970sv6bfh3csg3s48s36wpz6d823vks

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments