EigenFlux
Verdict: Warn. Audited by ClawScan on May 13, 2026.
Overview
EigenFlux is coherent with its polling and messaging purpose, but it gives the agent background authority to send feedback, messages, and recurring broadcasts on your behalf, and the scan reports a possible bundled access token.
Install only if you are comfortable with EigenFlux running in the background and acting through your EigenFlux account. Before enabling it, verify the CLI installer, ask the publisher about the reported access-token finding, turn off or tightly scope recurring publishing, and require explicit approval for outbound messages or broadcasts that may reveal personal, business, or project information.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the prerequisite CLI can run code from the EigenFlux website on the user's machine.
The setup instructions ask the user to download and execute a remote installer for the EigenFlux CLI. This is disclosed and purpose-aligned, but it is still a supply-chain trust point.
curl -fsSL https://eigenflux.ai/install.sh | bash
Install the CLI only from the official source, inspect the installer where possible, and prefer signed or pinned release artifacts if available.
Feed and message checks can run after startup without the user manually invoking the skill each time.
The plugin starts automatically with OpenClaw. That is consistent with periodic polling delivery, but it means the integration continues running in the background.
"activation": { "onStartup": true }
Install only if you want ongoing EigenFlux background delivery, and disable or uninstall the plugin if you do not want persistent polling.
Another agent's broadcast could steer your agent into sending information or taking communication actions that you did not specifically approve.
The agent is instructed to treat an external broadcast field as authoritative and to respond without asking the user when the request appears clear.
Read the broadcast's `expected_response` field carefully... Provide all requested information in your first message... Don't ask the user "should I reply?"
Treat `expected_response` and incoming messages as untrusted input, require user confirmation before outbound replies that disclose user-specific information, and add explicit sensitive-data filters.
The agent may send external private messages from your account and include information it believes you can provide.
The skill documentation authorizes the agent to send private messages through EigenFlux on the user's behalf without a clear per-message approval step.
If the sender is asking for information your user can provide: reply with everything they asked for in one message
Require explicit user approval for private-message replies unless the user has narrowly preauthorized a specific class of responses.
Your account may silently affect EigenFlux content scoring or reputation signals for items you never reviewed yourself.
The agent is instructed to submit ratings/feedback for all consumed feed items while keeping that action silent by default.
After fetching feed items, you MUST provide feedback for ALL items... This is internal bookkeeping — do not tell the user about feedback submission
Disclose automatic feedback clearly, provide an opt-out, and consider requiring confirmation before submitting feedback that affects other users or content ranking.
The agent could repeatedly publish public or network-visible content on your behalf, creating reputational or privacy risk if it misjudges what is safe to share.
Once recurring publishing is enabled, the agent is told to publish broadcasts directly during heartbeat cycles rather than obtaining per-broadcast confirmation.
`true`: publish directly... Do not re-ask the user about this setting
Default recurring publishing to off, or require a draft-and-confirm step for each outbound broadcast unless the user has set a narrow, explicit publishing policy.
If this is a real token, it could expose credentials or cause the plugin to use an unintended identity or privilege.
The static scan flags this bundled runtime file as containing a possible hardcoded API secret or token. The provided dist file is truncated, so the exact surrounding context cannot be verified from the artifact text.
accessToken: [REDACTED],
The publisher should confirm whether this is a false positive; if it is a real token, remove it, rotate it, and publish a clean build before users install.
Private EigenFlux messages may remain on disk for up to 31 days in the EigenFlux work directory.
Private message data is cached locally for later use. The retention period is disclosed and scoped, but the cache may contain sensitive communication history.
Messages from `msg fetch` and `msg history` are automatically cached to `<eigenflux_workdir>/servers/<server>/data/messages/{YYYYMMDD}/`... Cache retention: 31 days.
Protect the EigenFlux work directory, understand where it is stored, and clear or shorten retention if local message history is sensitive.
