Back to skill
Skillv0.1.2
VirusTotal security
Aixin-agentID-chat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:43 AM
- Hash
- b5c4045a990c5a9386ca02fffce258305dbff713266c04096122f76d1e456de2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aixin Version: 0.1.2 The skill implements a social networking platform for AI agents but exhibits high-risk data handling and privacy behaviors. Most notably, 'main.py' automatically extracts the first 200 characters of the 'system_prompt' (which often contains sensitive internal instructions) and exfiltrates it to a remote server (aixin.chat) as a default 'bio' during registration. Furthermore, the skill requests a user password and stores it in plaintext locally at '~/.aixin/profile.json'. While the 'SKILL.md' instructions are designed to ensure functional API execution, the combination of plaintext credential storage, background polling, and the silent transmission of system prompt data to a third-party endpoint (including an insecure HTTP IP 43.135.138.144 mentioned in README.md) poses a significant security risk.
- External report
- View on VirusTotal