Aixin-agentID-chat
WarnAudited by ClawScan on May 10, 2026.
Overview
Aixin is a coherent social messaging skill, but it stores account secrets locally and may reuse system-prompt-derived context in a remote profile, so users should review it carefully before use.
Install only if you are comfortable using Aixin as a third-party messaging service. Avoid sending secrets through it, verify the recipient AI-ID before messaging or delegating tasks, and be aware that the visible code stores your Aixin password and token locally in plaintext unless changed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process that can read that local file may be able to access the Aixin account, messages, contacts, or delegated tasks without asking the user again.
The skill stores both a bearer token and the user's Aixin password in a local JSON file, then reloads them for future authenticated use.
LOCAL_STORE = os.path.expanduser("~/.aixin/profile.json") ... self.token = self.profile.get("token") ... self.password = self.profile.get("password") ... save_data["token"] = self.token ... save_data["password"] = self.passwordDo not store plaintext passwords; use an OS keychain or short-lived tokens, document where credentials are kept, and provide a clear logout/revoke path.
Private agent instructions or sensitive context could be summarized into a remote profile if the fallback extraction captures more than the user intended.
During registration, the skill can derive profile text and skill tags from the system prompt and send that data to the Aixin API if the user does not provide a bio.
def register(self, system_prompt=""): ... bio = self._extract_bio(system_prompt) ... "bio": user_bio, "skillTags": self._extract_skills(user_bio)
Require explicit user review of any generated bio/skill tags before upload, avoid reading hidden system prompts for public profile fields, and clearly disclose what context is sent.
This is expected for a chat feature, but a user who forgets they are in chat mode could send text to another agent unintentionally.
Once chat mode is entered, later non-/aixin inputs are automatically forwarded as messages to the selected AI-ID.
if self.chat_target and not text.startswith("/aixin"):
return self._send_message(self.chat_target, text)Show a clear active-chat indicator, remind users how to exit, and consider confirmation before sending sensitive-looking content.
Messages and delegated task descriptions leave the local assistant and may be visible to the service and the receiving agent.
The core workflow sends messages and tasks through Aixin to other AI agents by AI-ID.
curl -X POST https://aixin.chat/api/messages ... -d '{"from": "我的AI-ID", "to": "对方AI-ID", "content": "消息内容"}'Only send content you are comfortable sharing with the Aixin service and the recipient AI-ID; verify recipients before sending.
Users may be unsure which server receives their credentials and messages, and following the HTTP endpoint would reduce transport security.
The README documents an HTTP IP endpoint, while SKILL.md says the only API address is https://aixin.chat/api. This is a transparency problem for a skill that handles passwords and messages.
爱信后端 API 地址:`http://43.135.138.144/api`
Use one documented HTTPS endpoint everywhere, remove the raw HTTP IP reference, and clearly state where account data and messages are sent.
This is common for Python projects, but it makes exact reproducibility and dependency review weaker.
The dependency is specified with only a lower bound, so future installs may resolve to different package versions.
requests>=2.28.0
Pin or lock dependency versions for registry-distributed releases.