Kindroid Interact
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: kindroid-interact
Version: 1.0.0
The skill bundle is benign, designed to interact with the Kindroid API. It securely handles API credentials by storing them locally in `~/.config/kindroid/credentials.json` with `600` permissions, as detailed in `SKILL.md` and enforced by `kindroid.sh`. Both `kindroid.sh` and `kindroid.js` make authenticated HTTPS POST requests exclusively to `https://api.kindroid.ai`, without any evidence of data exfiltration to other endpoints, malicious execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill gives the agent practical ability to act through the configured Kindroid API key.
The skill reads a local Kindroid API key from a persistent config file to authenticate API calls. This is expected for the integration, but it grants Kindroid account access and is under-declared in the registry metadata.
const configPath = path.join(process.env.HOME, '.config', 'kindroid', 'credentials.json'); ... this.apiKey = config.api_key;
Use a revocable Kindroid API key, keep the credentials file permission-restricted, and remove or rotate the key if you stop using the skill.
The agent can send content to a companion or start a chat break; unusual message text may also cause request errors in the shell helper.
The Bash helper sends user- or agent-supplied text to the Kindroid API and builds the JSON payload by interpolation. This is purpose-aligned, but quote-heavy or untrusted text could produce a malformed request, and send/chat-break operations change conversation state.
api_call "send-message" "{\"ai_id\": \"$AI_ID\", \"message\": \"$message\"}" "$timeout"
Confirm important send or chat-break actions, avoid relaying secrets unintentionally, and prefer a JSON-safe wrapper for complex or untrusted message text.
Some command wiring may fail or require manual adjustment if the installed layout matches the supplied manifest.
The package metadata references lib/kindroid.js and scripts/kindroid.sh, while the supplied manifest contains kindroid.js and kindroid.sh at the root. This looks like a packaging consistency issue rather than hidden code.
"main": "lib/kindroid.js", ... "send": "scripts/kindroid.sh send"
Verify the installed file paths before relying on the package scripts, and avoid running any missing replacement files unless you review them first.
