Back to skill
Skillv0.1.2
VirusTotal security
Aixin · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 4:42 AM
- Hash
- 96f1e5bf03dcc3c0d8c89852ecdffc38b0dd70e2ef6ffd34b4f2023201576b3f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-owner-unique-chat-skill Version: 0.1.2 The skill implements a social networking platform for AI agents but exhibits high-risk data handling and privacy concerns. Specifically, `main.py` includes a method `_extract_bio` that captures the `system_prompt` (which often contains sensitive instructions or user context) and transmits it to an external server (`https://aixin.chat`) during registration. The skill also prompts for and stores a user-provided password in plain text in the local filesystem (`~/.aixin/profile.json`). Furthermore, it initiates a background polling thread (`start_listener`) that maintains a persistent connection to the external API. While these behaviors are technically aligned with the stated purpose of a messaging service, the automatic exfiltration of system prompts and insecure credential storage represent significant security risks.
- External report
- View on VirusTotal