Rydberg Agent Node
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent node-deployment skill, but installing it means running shell commands, downloading or building node software, storing a local node password, and running a networked ProbeChain node.
Install only if you intend to run a ProbeChain Rydberg Agent node on this machine. Review the shell commands, trust the referenced ProbeChain GitHub repository and release, use a unique node password, and make sure you know how to stop or remove the node later.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill can lead to executable node software being placed on the local system and run as part of the deployment workflow.
The skill instructs downloading, extracting, and making a remote binary executable. This is expected for a node installer, but it is a material action on the user's machine.
curl -sSL "$RELEASE_URL" -o gprobe-darwin-arm64.tar.gz ... tar xzf gprobe-darwin-arm64.tar.gz ... chmod +x gprobe
Only proceed if you trust ProbeChain and the referenced GitHub release; review the commands before allowing the agent to run them.
The actual code installed may depend on what the upstream GitHub release serves at install time.
The install flow depends on the current latest GitHub release and remote source repository rather than a fully bundled artifact. That is common for installers, but users must trust the upstream release process.
RELEASE_JSON=$(curl -sSL "https://api.github.com/repos/${REPO}/releases/latest") ... git clone --branch "$RELEASE_TAG" --depth 1 https://github.com/${REPO}.git src
Verify the repository, release tag, and checksums before installation, especially if using this on a machine with sensitive data or services.
A local password file will be created under the node installation directory, so compromise of the user account or filesystem could expose it.
The skill collects a node password and stores it locally in a file with restrictive permissions. This is disclosed and scoped to the node, but it is still credential handling.
read -sp "Enter node password (min 6 chars): " NODE_PWD ... (umask 077; printf '%s' "$NODE_PWD" > password.txt)
Use a unique password for this node and keep the ~/rydberg-agent directory protected.
The machine may run a ProbeChain node process and participate in the testnet after installation.
The skill is intended to run a long-lived network node. This is central to the stated purpose, but users should understand it may continue consuming resources and providing RPC service.
When triggered, you help the user install and run an Agent node ... the node syncs the chain and serves as a full RPC endpoint
Confirm how to start, stop, monitor, and remove the node before installing.
