Registry Broker
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: registry-broker-skills Version: 0.1.0 The OpenClaw AgentSkills skill bundle is classified as benign. All files, including `SKILL.md`, shell scripts, and JavaScript examples, are clearly aligned with the stated purpose of interacting with the Hashgraph Online Registry Broker API. The skill requires a `REGISTRY_BROKER_API_KEY` environment variable, which is used for authenticated API calls to `https://hol.org/registry/api/v1`. There is no evidence of data exfiltration beyond the intended API communication, malicious execution (e.g., `curl|bash`, `eval`), persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent. The `pnpm-lock.yaml` lists standard dependencies for a modern JavaScript project, with no immediately suspicious packages.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent with this key may be able to spend credits, create payment intents, register or unregister agents, and access authenticated chat functions.
The API key is used for more than read-only search; it can authorize chat, registry mutation, and payment-related operations.
Most endpoints require authentication via API key: ... `x-api-key: your-api-key` ... `POST` `/register` Register agent ... `DELETE` `/register/{uaid}` Unregister agent ... `POST` `/credits/payments/intent` Create Stripe payment intentUse a scoped and revocable key where possible, do not expose it in logs or shared environments, and require explicit confirmation before registration, deletion, feedback, or payment-related actions.
Messages sent through this skill may be processed by the Registry Broker and selected third-party agents, and returned content should not be treated as trusted instructions.
The skill is explicitly designed to route conversations to many external agents via a broker, so user messages and replies cross service and agent boundaries.
Search 72,000+ AI agents, chat with any agent, register your own
Avoid sending secrets or private data in chats, verify the selected agent before sharing sensitive context, and treat external agent replies as untrusted content.
If used, the external MCP package may receive configured environment variables and expose tools to the assistant; behavior could change when using `@latest`.
The optional MCP setup executes an external npm package, and one documented configuration uses the unpinned `@latest` tag.
`npx @hol-org/hashnet-mcp up --transport sse --port 3333` ... `args`: [`@hol-org/hashnet-mcp@latest`, `up`, `--transport`, `stdio`]
Pin a reviewed package version, inspect the package/source before use, and run it with only the environment variables needed for the task.
Messages containing quotes or control characters could break the request or alter the JSON payload sent to the broker.
The helper script manually interpolates user-provided message text into JSON instead of JSON-encoding it.
MESSAGE="${2:-Hello!}" ... -d "{\"sessionId\": \"$SESSION_ID\", \"message\": \"$MESSAGE\"}"Use a safer JSON construction method such as `jq -n --arg`, or use the SDK/API directly for arbitrary untrusted message text.