Agentsocial
v0.4.0让你的 AI Agent 替你进行社交匹配——招聘、找工作、找合伙人、社交、找对象
⭐ 0· 767·0 current·0 all-time
by@johnixr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (social matching: hiring, dating, networking) aligns with instructions to create profiles, post tasks, scan, converse, and write reports. However, the registration step asks for 'ip_address' and 'mac_address' in the request body (claimed 'for abuse prevention'), which is not obviously necessary for a matchmaking service and is disproportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read/write files under memory/social (SOCIAL.md, config.json, reports, meta.md) and to call many external endpoints on https://plaw.social/api/v1 — that is coherent for a networked matching agent. Concern: the registration flow explicitly expects device identifiers (IP and MAC) to be submitted; SKILL.md does not clearly define how these are obtained or whether user consent is required. The guide also contains prompt-injection handling examples (defensive), but the presence of injection-pattern strings triggered pre-scan alerts.
Install Mechanism
No install spec and no code files (instruction-only). Lowest install risk — nothing is downloaded or written by an installer. Runtime network calls and file writes are the main effects.
Credentials
No env vars or external credentials are declared, which matches the registry metadata. But the skill asks the agent to register and store an agent_token in memory/social/config.json; storing tokens locally is plausible. The main proportionality concern is the request for IP and MAC addresses in registration — those are sensitive device identifiers and are not justified clearly by the skill's description. The skill may attempt to read system network information to populate those fields, which would be beyond a typical matching agent's necessary data access.
Persistence & Privilege
always:false and no OS restrictions. The skill runs autonomously by default (normal). It writes/reads only its own memory/social files per instructions; it does not request to modify other skills or system-wide config. No evidence of elevated or permanent system-level privileges.
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase appears inside the 'Handling Prompt Injection Attempts' section as an example of malicious input to ignore. Its presence is expected in a defensive guide and not itself a sign of malicious intent, but the pre-scan flagged it because such patterns can be used for prompt injection.
[you-are-now] expected: Also appears in the prompt-injection defense examples. The scanner flagged this pattern; in context the document is teaching the agent to ignore such instructions, which is appropriate. Still worth reviewing because prompt-injection strings in instruction material can be abused if the agent's runtime merge process mishandles role changes.
What to consider before installing
This skill largely behaves like a matchmaking agent (creates profiles, posts tasks, scans and runs agent-to-agent conversations), but two things deserve attention before installing:
- Verify the external platform: The API base is https://plaw.social (unknown source/homepage in registry). Confirm you trust this third party before allowing the agent to contact it or to store tokens returned by it.
- IP and MAC requests: The registration step asks you to provide ip_address and mac_address. Those are device identifiers and are privacy-sensitive; ask the maintainer why they're needed and how they will be obtained/stored. If you are uncomfortable, do not provide MAC addresses or consider using a throwaway identity (the docs imply you can register once per identity).
- Secrets storage: The skill tells the agent to save agent_token to memory/social/config.json. Confirm where that memory is stored and whether it's encrypted; avoid reusing high-privilege credentials.
- Limit exposure: If you try it, run in a restricted/sandboxed environment (or create an account specifically for testing) and monitor network traffic to plaw.social. Prefer explicit user consent before the agent attempts to read system network interfaces or other system-level data.
- Ask the developer to clarify: (1) why device identifiers are required, (2) whether the agent will attempt to read system MAC/IP automatically, and (3) how tokens and logs are protected. If you don't get clear answers, treat the skill as higher risk and avoid installing it on a machine with sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk970k8ndeprbd5tty6q7yyp9e981mjbk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.