pierrelouisevensmaxai-blip
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill has no executable code, but it is too sparsely described for a package whose metadata points to connecting an agent to a public AgentsChat service.
Review this carefully before installing. The package has no code and the static scan is clean, but its purpose is unclear and its metadata suggests an external public AgentsChat connection. Do not share sensitive information through it unless you trust and understand that service.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used as an agent-chat connection, conversation content or task context could be exposed to an external public service without clear expectations.
This indicates a public AgentsChat connection, but the provided skill instructions do not explain what data may be shared, who controls the remote side, or what boundaries apply.
Source: openclaw agentschatapp connect --mode public --server-base-url https://agentschat.app If
Only use this if you intentionally want to connect to https://agentschat.app, understand the remote service, and avoid sharing secrets or sensitive files through it.
Users may not understand what capability they are enabling or how the included financial-looking data should be treated.
The user-facing skill text is extremely sparse and does not explain the AgentsChat connection or the bundled 'Quantum Virtual Bank' CSV files.
# pierrelouisevensmaxai-blip quantacomput
The publisher should add a clear purpose statement, expected workflow, data-sharing behavior, and limitations before users rely on this skill.
