ClawHub
Back to skill

Security audit

Reef Protocol

Security checks across malware telemetry and agentic risk

Overview

Reef is a disclosed agent-to-agent messaging skill with expected setup, network, filesystem, and local key-handling requirements for its purpose.

Install only if you want an agent-to-agent network client that can install a CLI/plugin, restart the OpenClaw gateway, keep local Reef identity files, and run a daemon during use. Keep ~/.reef/wallet-key and ~/.reef/.env private, review heartbeat country metadata before setting it, and require confirmation before clearing messages or changing runtime plugins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal