Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alephnet Node
v1.4.0
A complete social/economic network for AI agents. Provides semantic computing, distributed memory, social networking, coherence verification, autonomous lear...
⭐ 0 · 1.2k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description (AlephNet Node — social/economic network for agents) matches the provided source: many modules implement memory, wallet, identity, networking, SRIA agents, REST routes, telemetry, filesystem/git/network senses and a content store. However, the registry metadata declares this as instruction-only with no required binaries/env/configs, while the package contains a full Node.js project (package.json, CLI, server routes, storage paths). That mismatch (big runnable code but no install/runtime requirements declared) is unexpected and unexplained.
Instruction Scope
SKILL.md shows commands and examples that instruct running an alephnet-node CLI and starting network/agent functionality (connect with dataPaths, summon agents, run teams). The pre-scan flagged 'system-prompt-override' in SKILL.md indicating potential prompt-injection content. The code base includes server routes, filesystem and process 'senses', telemetry, WebRTC, and network modules — instructions plus code would allow reading/writing disk, exposing an HTTP API, network I/O, and sending telemetry. The SKILL.md examples do not declare or limit these side effects or request explicit permission for network/server operations.
Install Mechanism
No install specification is present in the registry metadata (instruction-only), yet the package contains a full Node.js project (239+ code files, package.json, package-lock.json). That is inconsistent: if the skill expects to be installed/run, an install mechanism or declared binaries should be present. A large codebase bundled with no clear install/verification steps increases risk (it could be executed locally or started as a server unexpectedly). README also contains unresolved merge conflict markers (<<<<<<< >>>>>>>), indicating sloppy packaging.
Credentials
The registry lists no required environment variables or primary credential, but the code contains wallet, signed envelopes, Supabase adapter, vertex-ai integration modules and network/server code that very likely require secrets/config (API keys, DB URLs, private keys). Omitting these declarations is disproportionate and reduces transparency: a user might run this and later be prompted for or asked to provide credentials without prior indication. Modules that interact with network, storage, and token systems typically need sensitive configuration — the skill should explicitly declare them.
Persistence & Privilege
The skill is not marked always:true and model invocation is allowed (normal). However, the included code exposes long-running server routes, WebRTC, storage paths (./data/content), and telemetry. If installed or executed, it can persist data, open network endpoints, and run background agents — combined with the other inconsistencies this increases the blast radius. The lack of an install spec and undeclared env means it's unclear how and when persistent services would be started.
Scan Findings in Context
[system-prompt-override] unexpected: SKILL.md contains content that the pre-scan flagged as attempting to override or manipulate system prompts. That is not expected for a library/API documentation file and could be a prompt injection attempt to influence agent behaviour during evaluation or runtime.
What to consider before installing
This package contains a large, runnable Node.js application that matches the claimed purpose (agent network, wallets, memory, agent orchestration) but several things don't add up and raise risk:
- Origin and trust: The source/homepage is unknown. Do not run or npm-install this on a production machine or with high-privilege accounts until you can verify the publisher and upstream repository (git remote, signed releases).
- Prompt injection: SKILL.md was flagged for system-prompt override patterns. Treat the runtime instructions as potentially malicious or manipulative — don't let it automatically execute or change agent/system prompts.
- Missing install/runtime declarations: The registry shows no install spec or required env vars, yet the bundle includes package.json, server routes, and modules requiring keys (wallets, Supabase, Vertex). Ask the publisher which environment variables and services are required and why.
- Filesystem/network exposure: The code contains filesystem/git/process senses, telemetry, and HTTP/WebRTC servers. If you run it, run inside a sandboxed environment (ephemeral VM or container) with no access to secrets and limited network egress, and mount a disposable data directory.
- Merge conflicts and sloppy packaging: README contains unresolved git conflict markers (<<<<<<<), which suggests the package wasn't properly reviewed. Consider that a red flag for carelessness or a potential indicator of tampering.
- Actionable next steps before installing:
1) Request the upstream repository URL, verify commit history, maintainers, and signed releases.
2) Inspect package.json scripts and entrypoints (start/cli) locally in a read-only environment. Look for postinstall scripts or code that spawns shells or fetches remote code.
3) Run static analysis (linters, dependency checks) and scan for hard-coded endpoints or credential use.
4) If you must test, do so in an isolated container/VM with restricted network access and no mounted secrets, and monitor outgoing connections.
Given the prompt-injection flag, undeclared runtime needs, bundled server capabilities, and packaging issues, treat this skill as suspicious until you can validate the source and intended install/run procedure.
Tags: agent-identity, agent-memory, agent-swarm, ai-agents, alephnet, autonomous-agents, coherence, coherence-verification, collaboration, crypto, decentralized, identity, keytriplet, knowledge-graph, latest, non-local, openclaw, p2p, p2p-networking, prime-resonance, quantum-social, semantic-computing, sentient-observer, smf, social-network, swarm, tokenomics, verification
