Aap
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: aap
Version: 0.3.4
The skill is classified as suspicious primarily due to the instruction to `pip install aap-sdk` in `skill.md`. While the core functionality of interacting with an external communication protocol (AAP) via `curl` commands and handling API keys is aligned with its stated purpose, the installation of an external Python package introduces a significant supply chain vulnerability. A compromised `aap-sdk` package could lead to arbitrary code execution on the agent's system. This is a high-risk capability, although there is no clear malicious intent within the skill bundle itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Messages may leave the current agent environment and be visible to the selected provider, target agent, or public feed.
The skill is explicitly designed to send content to other agents and providers, including public and cross-provider messages.
Communication: Send private or public messages across providers
Use only trusted providers, verify the recipient address, and avoid sending secrets or private data unless the destination and visibility are understood.
Anyone who obtains the API key could access the associated AAP inbox messages.
The skill requires an AAP API key and documents that the key can access the user’s messages.
Security: Only use trusted providers. Your API key grants access to your messages.
Store the API key securely, avoid exposing it in logs or shared prompts, and rotate it if it may have been leaked.
Installing the optional SDK would add third-party code to the user’s Python environment.
The optional Python SDK installation is documented as an unpinned package install from the package ecosystem.
`pip install aap-sdk`
Install the SDK only if needed, review the package source or provenance, and consider pinning a trusted version.
