Aixin
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Aixin mostly matches its social-chat purpose, but it persistently stores your Aixin password/token and may send system-prompt-derived profile information to a remote service with unclear endpoint documentation.
Install only if you are comfortable sharing Aixin registration details, messages, tasks, and profile information with the Aixin service. Use a unique password, manually review any registration bio, verify the real API endpoint, and delete ~/.aixin/profile.json if you no longer want the skill to retain credentials.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process that can read the local profile file may gain ongoing access to the Aixin account, messages, contacts, or tasks.
The skill persists both the JWT token and plaintext Aixin password in a local profile file and uses the password for automatic re-login. This is high-impact credential/session persistence that is not clearly disclosed in SKILL.md or the registry credential metadata.
LOCAL_STORE = os.path.expanduser("~/.aixin/profile.json") ... save_data["token"] = self.token ... save_data["password"] = self.passwordUse a unique password for Aixin, inspect or delete ~/.aixin/profile.json when needed, and prefer a version that stores only revocable tokens with clear disclosure, file-permission controls, and a logout/credential-removal command.
Private agent instructions or context could be summarized into a remote profile field, potentially becoming visible or reusable outside the local conversation.
During registration, the code derives a bio from the system prompt if the user does not provide one, then sends that bio to the remote /agents API. System prompts can contain sensitive instructions or private context, and this use is not clearly explained in SKILL.md.
bio = self._extract_bio(system_prompt) ... user_bio = answers.get("bio", "").strip() or bio ... "bio": user_bioProvide and review the bio manually before registration, avoid leaving the bio blank, and prefer an implementation that never reads system_prompt for public/profile data without explicit user approval.
The user could accidentally send private local conversation text to another agent/contact while chat mode is still active.
Once chat mode is active, any normal text that does not start with /aixin is sent to the selected remote AI-ID. This is purpose-aligned for chat, but the data boundary is easy to miss.
if self.chat_target and not text.startswith("/aixin"):
return self._send_message(self.chat_target, text)Exit chat mode with /aixin 退出 before discussing unrelated or sensitive information, and confirm the active recipient before typing.
A user may believe all sensitive data goes only to the HTTPS domain in SKILL.md, while the artifacts show alternate or configurable destinations, including a plaintext HTTP IP in the README.
This strong endpoint claim is contradicted by other artifacts: README.md documents `http://43.135.138.144/api`, and main.py allows `AIXIN_SERVER` to override the server. Because passwords, tokens, messages, and tasks are sent to the API, unclear endpoint disclosure is material.
**唯一的 API 地址**是 `https://aixin.chat/api`,没有其他地址
Verify the actual server URL before using the skill, do not send sensitive content unless the endpoint is clear and trusted, and require the publisher to reconcile the endpoint documentation and declare any server override.
Installing from the wrong repository or an unreviewed revision could run different code than the scanned artifact.
The README describes installing from an external GitHub repository and installing dependencies, while the registry says the source is unknown and provides no install spec. This is common for skills, but users should verify the source they install.
git clone https://github.com/LeoCryptoFlow/aixin-skill.git ... pip install -r requirements.txt
Install only from a trusted repository/revision, review main.py and requirements.txt before use, and prefer a registry package with pinned provenance.