Registry Broker

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a coherent Registry Broker API integration, but users should handle its API key, external-agent chats, registration/payment actions, and optional MCP setup carefully.

Before installing or using this skill, make sure you trust hol.org and any optional MCP package you run. Use a limited Registry Broker API key, avoid sharing secrets in agent chats, pin the MCP package instead of using @latest, and require explicit confirmation before registering/unregistering agents or initiating payment-related actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent with this key may be able to spend credits, create payment intents, register or unregister agents, and access authenticated chat functions.

Why it was flagged

The API key is used for more than read-only search; it can authorize chat, registry mutation, and payment-related operations.

Skill content

Most endpoints require authentication via API key: ... `x-api-key: your-api-key` ... `POST` `/register` Register agent ... `DELETE` `/register/{uaid}` Unregister agent ... `POST` `/credits/payments/intent` Create Stripe payment intent

Recommendation

Use a scoped and revocable key where possible, do not expose it in logs or shared environments, and require explicit confirmation before registration, deletion, feedback, or payment-related actions.

What this means

Messages sent through this skill may be processed by the Registry Broker and selected third-party agents, and returned content should not be treated as trusted instructions.

Why it was flagged

The skill is explicitly designed to route conversations to many external agents via a broker, so user messages and replies cross service and agent boundaries.

Skill content

Search 72,000+ AI agents, chat with any agent, register your own

Recommendation

Avoid sending secrets or private data in chats, verify the selected agent before sharing sensitive context, and treat external agent replies as untrusted content.

What this means

If used, the external MCP package may receive configured environment variables and expose tools to the assistant; behavior could change when using `@latest`.

Why it was flagged

The optional MCP setup executes an external npm package, and one documented configuration uses the unpinned `@latest` tag.

Skill content

`npx @hol-org/hashnet-mcp up --transport sse --port 3333` ... `args`: [`@hol-org/hashnet-mcp@latest`, `up`, `--transport`, `stdio`]

Recommendation

Pin a reviewed package version, inspect the package/source before use, and run it with only the environment variables needed for the task.

What this means

Messages containing quotes or control characters could break the request or alter the JSON payload sent to the broker.

Why it was flagged

The helper script manually interpolates user-provided message text into JSON instead of JSON-encoding it.

Skill content

`MESSAGE="${2:-Hello!}"` ... `-d "{\"sessionId\": \"$SESSION_ID\", \"message\": \"$MESSAGE\"}"`

Recommendation

Use a safer JSON construction method such as `jq -n --arg`, or use the SDK/API directly for arbitrary untrusted message text.