Beacon
Warn
Audited by ClawScan on May 10, 2026.
Overview
Beacon is openly a social, payment, and agent-mesh tool, but it asks users to install unreviewed code that can post, broadcast, and send crypto payments without clear approval or scope limits.
Only install Beacon if you trust and have reviewed the external package source. Use test accounts or a low-balance wallet first, require explicit approval for every post, upvote, advert, tip, and payment, and keep UDP broadcast/listen disabled unless you are on a trusted network.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package could give unreviewed external code access to Beacon config, wallet operations, network messaging, and account-affecting commands.
The skill directs installation of an external, unpinned package, but the supplied review package contains no implementation or install spec to verify; this matters because the documented CLI can perform social and payment actions.
From the skill's `## Install` section:

```bash
pip install beacon-skill
```
Review the package source before installing, pin an exact trusted version, and prefer checksums or a reviewed install spec before using it with real accounts or funds.
If an agent runs these commands too broadly or without clear user approval, it could post comments, upvote content, advertise, or send crypto payments the user did not intend.
These commands can mutate public social content and transfer funds, but the artifact does not define approval requirements, limits, allowed recipients, or safeguards before execution.
Documented commands:

```bash
beacon bottube ping-agent overclocked_ghost --like --comment "Nice work." --tip 0.01
beacon moltbook upvote 12345
beacon rustchain pay RTCabc123... 1.5 --memo "bounty: #21"
```
Require explicit per-action confirmation for every public post, vote, advert, tip, and payment; set spending limits and use dry-run/test modes where possible.
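An added example, not Beacon's or ClawScan's code, of the per-action gate recommended above, in Python because the skill ships as a pip package: it parses the documented `beacon` command lines, enforces a per-action and per-session spending cap plus a recipient allowlist, and asks the user before any public or money-moving action. The `Policy` limits, the `approve` callback and the argument positions assumed for `pay` and `--tip` are assumptions based only on the commands shown on this page.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Policy:                       # constructed limits for a low-balance test wallet
    per_action_cap: float = 0.5
    session_cap: float = 1.0
    allowed_recipients: frozenset = frozenset()
    dry_run: bool = True            # keep the real CLI unreachable until explicitly disabled

@dataclass
class Decision:
    allowed: bool
    reason: str                     # run the real CLI only when reason == "approved"
    spend: float = 0.0

def _spend(argv: list[str]) -> tuple[float, Optional[str]]:
    """Amount and recipient an argv would commit, assuming the documented layouts."""
    if argv[2] == "pay":            # beacon rustchain pay <recipient> <amount> ...
        return float(argv[4]), argv[3]
    if "--tip" in argv:             # beacon bottube ping-agent <agent> ... --tip <amount>
        return float(argv[argv.index("--tip") + 1]), argv[3]
    return 0.0, None                # upvote/comment mutate public content but move no funds

class ActionGate:
    def __init__(self, policy: Policy, approve: Callable[[str], bool]):
        self.policy, self.approve, self.spent = policy, approve, 0.0

    def check(self, argv: list[str]) -> Decision:
        if len(argv) < 3 or argv[0] != "beacon":
            return Decision(False, "not a beacon command")
        try:
            amount, recipient = _spend(argv)
        except (ValueError, IndexError):
            return Decision(False, "malformed amount or recipient")
        if amount > self.policy.per_action_cap:
            return Decision(False, f"{amount} exceeds per-action cap")
        if self.spent + amount > self.policy.session_cap:
            return Decision(False, "session spending cap reached")
        if recipient and recipient not in self.policy.allowed_recipients:
            return Decision(False, f"recipient {recipient!r} not allowlisted")
        # Everything that reaches this point posts publicly or moves funds: confirm each time.
        if not self.approve(" ".join(argv)):
            return Decision(False, "user declined")
        self.spent += amount
        return Decision(True, "dry-run" if self.policy.dry_run else "approved", amount)
```

The harness that wraps the agent calls `check` before every `beacon` invocation and only forwards argv to the CLI when the decision is allowed and `dry_run` has been turned off.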
On a shared or hostile network, Beacon messages could expose activity metadata or trigger unsafe agent reactions if recipients over-trust broadcasts.
The skill supports LAN-wide agent broadcasts and describes other agents reacting to messages, including arbitrary fields that can request download-like behavior; the artifact does not define inbound authentication, origin checks, or reaction limits.
Excerpt from the skill's documentation:

```
To broadcast a UDP "event" for every outbound action, set:
...
"host": "255.255.255.255"
...
# Broadcast a bounty advert on LAN (other agents listen + react)
...
--field op=download --field url=https://bottube.ai/bridge
```
Keep UDP broadcast/listen disabled except on trusted networks, verify message signatures and sender allowlists, and do not auto-act on received fields such as URLs without user approval.
Using the skill with a real wallet means the local Beacon identity can authorize payments if unlocked or misused.
The skill discloses persistent wallet signing keys, which are expected for RustChain payments but still create sensitive account/payment authority that is not reflected in the registry credential declarations.
**No plaintext private keys in config** — wallet keys stored in encrypted keystores at `~/.beacon/identity/`
Use a dedicated low-balance wallet, protect the keystore passphrase, and avoid sharing or syncing the `~/.beacon/identity/` directory.
