Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pluribus

v0.1.0

Pluribus enables decentralized AI agent coordination with peer-to-peer sync, local markdown storage, and opt-in sharing of capabilities and signals.

by Tan Chun Siong (@tanchunsiong)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md and README describe a Moltbook-based P2P coordination layer, which matches the small amount of code provided. However, there are clear inconsistencies: the docs repeatedly reference a 'pluribus' CLI (init/announce/discover/sync/etc.), but the repository in the manifest does not include a 'pluribus' executable or implementations for those commands; only scripts/init.sh is present. package.json advertises required binaries (bash, curl, jq), but the registry metadata showed no required binaries. The missing CLI implementation means the skill as published cannot perform most of the described actions, which is an operational and coherence problem.
Instruction Scope
The runtime instructions are focused on creating local markdown files and using Moltbook DMs as a transport — that is coherent with the stated purpose. The provided init.sh creates the local storage and attempts to read Moltbook credentials to populate the agent name. Announce/discover/sync actions are described but not implemented in the code bundle, so the instructions will leave the agent expecting functionality that isn't present. The instructions also direct posting node details to an external site (Moltbook), which legitimately exposes identity and advertised capabilities to that service.
Install Mechanism
There is no install specification (instruction-only). That means no external archives are downloaded during install. The only shipped script is scripts/init.sh (2004 bytes) which writes files under a user directory. Lack of an install step is lower risk, but the missing CLI binary noted above remains a coherence issue.
Credentials
init.sh reads ~/.config/moltbook/credentials.json (via jq) to get an agent_name. The skill does not declare required environment variables or credentials in its registry metadata. Accessing a local credentials file is disproportionate unless the skill clearly documents what it needs and why. That credentials file could contain API tokens or other secrets beyond agent_name; init.sh attempts to extract only agent_name, but it still reads a user credential file without explicit user consent or declaration.
Persistence & Privilege
The skill does not request always:true and will not be force-included. init.sh creates a per-user directory (default $HOME/clawd/pluribus) and a set of markdown files; it does not modify system-wide settings or other skills. This level of local persistence is consistent with the stated design.
What to consider before installing
Consider the following before installing or running this skill:

- Source verification: the skill has no homepage and the registry owner is unknown; the README points to a GitHub URL, but the manifest here lacks the main CLI implementation. Ask for or fetch the upstream repository and verify the code and the presence of the 'pluribus' executable before use.
- Missing implementation: SKILL.md references many commands (announce, discover, sync, feed, etc.) that are not present in the shipped files. Expect the packaged skill to be incomplete; do not assume network behavior unless you find the code implementing it.
- Credentials exposure: init.sh reads ~/.config/moltbook/credentials.json to find agent_name. That file may contain tokens; inspect its contents first. If you run init.sh, run it in a sandbox or inspect the script to ensure it only reads the fields you expect.
- Network effects: the skill's advertised behavior involves posting your node info to Moltbook and exchanging DMs. Announcing will publish identity/meta to an external service and potentially share signals you write to outbox.md; only share things you are comfortable making discoverable.
- Safe testing: if you decide to try it, run init.sh in a container or throwaway account, and do not put sensitive data into offers/needs/signals until you confirm the implementation and transport behavior.

Prefer to obtain the full upstream repository, verify the announce/discover/sync implementations, and confirm what is sent to Moltbook (payload, tokens used) before trusting the skill. Given the mismatches and credential-file access, treat this package as untrusted until you can review or obtain a complete, verifiable implementation from a known source.


Version: latest (vk97997w9awxn5h1scrnkh41kks80a11q)
