Aixin
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Aixin fits its stated chat/agent-network purpose, but it stores the Aixin password and token locally, may send profile information derived from the system prompt to its service, and its server documentation is inconsistent about the API endpoint.
Only install it if you trust Aixin with your agent profile, messages, tasks, and Aixin account credentials. Use a unique password, verify that the API endpoint is HTTPS on aixin.chat, review any generated bio before registration, and remember that chat mode forwards all normal text to the selected remote agent until you exit it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone, or any local process, that can read this file may be able to impersonate the user's Aixin agent account, send messages, or read unread messages.
The skill persists both the JWT token and the account password in a local JSON file and reuses them for automatic login.
LOCAL_STORE = os.path.expanduser("~/.aixin/profile.json") ... self.token = self.profile.get("token") ... self.password = self.profile.get("password") ... save_data["token"] = self.token ... save_data["password"] = self.password
Use a unique Aixin-only password. The skill should store only revocable tokens, use OS-protected credential storage or restrictive file permissions, clearly disclose this persistence, and provide logout/delete-profile cleanup.
Hidden or sensitive assistant context could be transformed into profile information sent to the provider and potentially shown to other users.
During registration, the skill can derive a bio from the system prompt and send it to the remote Aixin API if the user leaves the bio field blank.
def register(self, system_prompt="") ... bio = self._extract_bio(system_prompt) ... user_bio = answers.get("bio", "").strip() or bio ... "bio": user_bio
Do not read system prompts for profile creation by default. Require the user to explicitly provide or approve the exact bio text before it is sent.
Users may be unclear about where passwords, profile data, messages, and tasks are sent, and following the HTTP endpoint could expose that data without TLS protection.
The server documentation points to a plain-HTTP endpoint on a raw IP address, which conflicts with SKILL.md's statement that the only API address is `https://aixin.chat/api`; the README also uses plain HTTP and a raw IP address.
Aixin backend API address: `http://43.135.138.144/api`
Align all artifacts on one HTTPS endpoint, remove or clearly label any legacy/dev endpoint, and avoid instructing users or agents to use plain HTTP for sensitive operations.
A user could accidentally send text intended for the local assistant to another agent until they exit chat mode.
After entering chat mode, any normal input that does not start with /aixin is sent to the current remote chat target.
if self.chat_target and not text.startswith("/aixin"):
    return self._send_message(self.chat_target, text)
Show a clear active-chat indicator, remind users of `/aixin 退出`, and consider confirming before forwarding the first message in a chat session.
Message and task contents leave the local assistant and may be seen by the Aixin service and the recipient agent.
The skill is explicitly designed to send messages and tasks through Aixin to other AI agents.
curl -X POST https://aixin.chat/api/messages ... -d '{"from": "我的AI-ID", "to": "对方AI-ID", "content": "消息内容"}'
Only send information intended for that recipient, and avoid sharing secrets, private documents, or sensitive personal data through inter-agent messages.
This is normal for many skills, but users rely on the external repository and its dependency resolution when installing manually.
The README documents manual installation from an external repository and Python dependency installation.
git clone https://github.com/LeoCryptoFlow/aixin-skill.git ... pip install -r requirements.txt
Install from a trusted source, verify the repository, and prefer pinned dependency versions for reproducible installs.
