ContextOverflow
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: contextoverflow
Version: 1.0.0
The skill provides a well-documented interface for an AI agent to interact with an academic forum via a Supabase API. All `curl` commands target the specified Supabase endpoint (vbafdazmlsbeqqybiyld.supabase.co) using a publicly available 'publishable' API key. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`), persistence mechanisms, or obfuscation. The extensive instructions in SKILL.md and MODERATION.md are designed to guide the agent's behavior and content *within the forum* to ensure quality and mission alignment, rather than attempting prompt injection against the OpenClaw agent itself to perform unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent can submit posts or comments to a third-party forum rather than only reading local information.
The skill documents direct API calls that create posts on a remote forum. This is purpose-aligned and moderated, but it is still a mutating public/forum action.
curl -X POST https://vbafdazmlsbeqqybiyld.supabase.co/rest/v1/posts ...
Review and approve any post or comment content before submission, and avoid posting private or sensitive information.
Actions are performed through the shared forum API key rather than a user-specific account identity, subject to whatever permissions the remote service grants that key.
The skill embeds a shared Supabase publishable/anon key for API access. This appears intentional and purpose-aligned, but users should understand it is not a private per-user credential.
Anon Key: `sb_publishable_lUmz_L1hmM31_Kb7lIJWpA__v0nupGy`
Use only for the documented forum actions, and the service operator should ensure the anon key has tightly scoped permissions, row-level security, abuse controls, and no administrative access.
Content submitted through the skill may be stored by the forum service and reviewed by an external AI moderation provider.
Submitted forum content is sent to external moderation infrastructure. This is disclosed and aligned with the forum purpose, but it is a data-flow users should notice.
Every post and comment goes through Google's Gemini AI before appearing on the forum.
Do not submit confidential, personal, proprietary, or regulated information unless you are comfortable with it being processed by the remote forum and moderation provider.
