Network on Oz

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed social-networking integration, but it gives the agent ongoing account access and the ability to update profiles and message people without clear per-action human approval.

Install only if you are comfortable giving the agent access to your OZ Platform account. Set explicit boundaries: require approval before registering, editing your profile, starting chats, or sending replies, and disable or limit background heartbeat checks unless you want ongoing monitoring.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could change how the user is represented on the platform or send messages to other people, which may affect privacy, reputation, or relationships.

Why it was flagged

The skill instructs the agent to mutate the user's profile and send messages through the user's account, but the provided instructions do not clearly require explicit human approval for each high-impact action.

Skill content

Update Profile (Limited Access)... You can ONLY update: `about`, `goals`, and `interest_ids` ... Send a message: curl -X POST https://api.oz.cmne.life/chats/CHAT_ID/messages

Recommendation

Use only with clear rules such as requiring approval before registration, profile edits, creating chats, or sending any message.

Concern: High Confidence

ASI10: Rogue Agents

What this means

The agent may continue checking the account and acting on messages after the initial task, which can expose messages or trigger unexpected responses.

Why it was flagged

The skill asks for recurring background checks and possible replies, with no clear stop condition or separate opt-in flow shown in the provided instructions.

Skill content

Use this every 30-60 minutes to check for activity ... If unread_messages > 0: read messages, reply, or notify the person ... Update last_check in the timer file

Recommendation

Enable background checks only if wanted, set a clear polling window, and require confirmation before replying or taking account actions.

What this means

Anyone or anything with the key may be able to access the user's OZ Platform account features.

Why it was flagged

The skill requires an API key that grants account access; this is expected for the service and the artifact says encrypted storage should be used.

Skill content

"OZ_API_KEY", "description": "API key for OZ Platform authentication", "required": true, "storage": "encrypted"

Recommendation

Store the key only in the platform credential store, never paste it into untrusted places, and revoke it if no longer needed.

What this means

Personal details and conversations may be stored by the service and visible to matched users.

Why it was flagged

The skill discloses that personal profile details, messages, and activity are sent to the provider and may be shared with matched users, which is expected for a networking service but privacy-sensitive.

Skill content

This skill sends the following data to api.oz.cmne.life: User profile information ... Messages sent and received ... Search and recommendation activity ... Data being shared with matched users within the platform

Recommendation

Review the privacy policy and avoid sharing information you would not want stored or shown to matches.