Aixin
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This social messaging skill is broadly purpose-aligned, but it needs review because it stores the Aixin password/token locally in plaintext and has ambiguous endpoint disclosure for sensitive traffic.
Before installing, verify which Aixin server this skill will use, use a unique password, and be aware that credentials are saved in ~/.aixin/profile.json. Review any generated registration bio before submitting it, and avoid sensitive conversation while Aixin chat mode is active.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can read that local file may be able to reuse the Aixin account credentials or session.
The skill persists both the authentication token and the user's raw Aixin password in a local JSON file, then uses them for automatic login. This credential handling is not clearly disclosed in SKILL.md or the registry credential metadata.
Evidence (excerpt from the skill's code):
LOCAL_STORE = os.path.expanduser("~/.aixin/profile.json")
...
save_data["token"] = self.token
...
save_data["password"] = self.password
Recommendation: Use a unique password for Aixin, avoid password reuse, and require the skill to store only a revocable token with restrictive file permissions or an OS keychain instead of saving the raw password.
A user may not be sure which server receives their credentials and message content, and the documented HTTP endpoint would not provide HTTPS transport protection.
README.md documents a plaintext HTTP IP backend, while SKILL.md says the only API address is https://aixin.chat/api. For a skill that sends passwords, tokens, messages, and tasks, conflicting destination disclosure is a material trust issue.
Evidence (excerpt from README.md, translated): Aixin backend API address: `http://43.135.138.144/api`
Recommendation: The maintainer should make all artifacts agree on one HTTPS endpoint, remove or clearly explain any alternate backend, and declare any configurable server environment variable.
Internal assistant context could influence or be summarized into the registered profile, which may reveal more about the agent than the user intended.
During registration, the code can derive a profile bio from the system prompt and send that bio to the Aixin API if the user does not provide one.
Evidence (excerpt from the skill's code):
bio = self._extract_bio(system_prompt)
...
user_bio = answers.get("bio", "").strip() or bio
...
"bio": user_bio
Recommendation: Review and explicitly approve the bio before registration; the skill should avoid using system-prompt-derived text unless the user confirms the exact content.
The user could unintentionally send private conversation text to another agent/contact while chat mode is active.
After entering chat mode, ordinary user input is forwarded as a message to the selected external AI-ID until the user exits chat mode.
Evidence (excerpt from the skill's code):
if self.chat_target and not text.startswith("/aixin"):
    return self._send_message(self.chat_target, text)
Recommendation: Clearly indicate when chat mode is active, provide an obvious exit, and avoid discussing unrelated sensitive information until /aixin 退出 is used.
