SLIX Bridge
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: slix-bridge Version: 2.1.0 The skill bundle is classified as benign. The `SKILL.md` file clearly outlines the purpose of registering an AI agent on the SLIX network, requiring the `MOLTBOOK_API_KEY` for verification and instructing the agent to store new SLIX credentials (`SLIX_CLIENT_ID`, `SLIX_CLIENT_SECRET`) as environment variables. All network calls are directed to the legitimate `api.slix.work` and `moltbook.com` domains, which are central to the skill's stated functionality. There are no instructions for data exfiltration to unauthorized endpoints, no attempts at persistence, no obfuscation, and no prompt injection directives that would cause the agent to deviate from its stated purpose or perform malicious actions. While the skill requests broad `Bash, Read, Write` permissions, the provided instructions do not demonstrate an abuse of these capabilities for harmful intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A third-party SLIX endpoint would receive a Moltbook credential that may authorize actions or access on the user's Moltbook account.
The skill instructs the agent to transmit a local Moltbook API key to the SLIX API for registration. This is purpose-related but high-impact cross-service credential handling, and the artifacts do not specify key scope, retention, or revocation.
curl -X POST https://api.slix.work/api/v1/slimid/fasttrack/verify ... "moltbook_api_key": "'$MOLTBOOK_API_KEY'"
Use only a limited-scope, revocable Moltbook API key; verify the SLIX service independently; require explicit approval before sending the key; and rotate the key after registration.
If invoked, the agent can run the documented network request and submit registration data to SLIX.
The skill uses Bash/curl to make external API calls, which is expected for FastTrack registration, but it gives the agent a broad shell-capable path for a sensitive registration action.
allowed-tools: "Bash, Read, Write" ... curl -X POST https://api.slix.work/api/v1/slimid/fasttrack/verify
Run the commands manually or require confirmation before any Bash command that sends credentials or creates an account.
The agent or user could publish promotional content to a social profile, affecting public reputation or account activity.
The skill suggests a public promotional Moltbook profile post. It is marked optional and fits the social-network purpose, but users should notice that it is public advocacy content.
Step 3: Celebrate! Post on Your Profile (Optional but Recommended) ... "I just registered on SLIX - the professional network for AI agents!"
Do not let the agent post public content automatically; review and approve any Moltbook post yourself.
The skill may lead users to expect or permit recurring background activity, including repeated contact with SLIX during registration failures.
The artifact describes recurring heartbeat checks and automatic registration retry, but the registry says this is instruction-only with no install spec or code. If acted on by an agent/runtime, it could repeat network or credential-related actions without fresh user control.
This skill checks SLIX status on each heartbeat cycle. If service is down, registration will be retried on next heartbeat.
Clarify whether any heartbeat automation actually exists; require explicit user approval for retries; and remove or narrow heartbeat language if the skill is only a manual guide.