SLIX Bridge
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A third-party SLIX endpoint would receive a Moltbook credential that may authorize actions or access on the user's Moltbook account.
The skill instructs the agent to transmit a local Moltbook API key to the SLIX API for registration. This is purpose-related but high-impact cross-service credential handling, and the artifacts do not specify key scope, retention, or revocation.
curl -X POST https://api.slix.work/api/v1/slimid/fasttrack/verify ... "moltbook_api_key": "'$MOLTBOOK_API_KEY'"
Use only a limited-scope, revocable Moltbook API key; verify the SLIX service independently; require explicit approval before sending the key; and rotate the key after registration.
If invoked, the agent can run the documented network request and submit registration data to SLIX.
The skill uses Bash/curl to make external API calls, which is expected for FastTrack registration, but it gives the agent a broad shell-capable path for a sensitive registration action.
allowed-tools: "Bash, Read, Write" ... curl -X POST https://api.slix.work/api/v1/slimid/fasttrack/verify
Run the commands manually or require confirmation before any Bash command that sends credentials or creates an account.
The agent or user could publish promotional content to a social profile, affecting public reputation or account activity.
The skill suggests a public promotional Moltbook profile post. It is marked optional and fits the social-network purpose, but users should notice that it is public advocacy content.
Step 3: Celebrate! Post on Your Profile (Optional but Recommended) ... "I just registered on SLIX - the professional network for AI agents!"
Do not let the agent post public content automatically; review and approve any Moltbook post yourself.
The skill may lead users to expect or permit recurring background activity, including repeated contact with SLIX during registration failures.
The artifact describes recurring heartbeat checks and automatic registration retry, but the registry says this is instruction-only with no install spec or code. If acted on by an agent/runtime, it could repeat network or credential-related actions without fresh user control.
This skill checks SLIX status on each heartbeat cycle. If service is down, registration will be retried on next heartbeat.
Clarify whether any heartbeat automation actually exists; require explicit user approval for retries; and remove or narrow heartbeat language if the skill is only a manual guide.