Agentok Skill

Warn (audited by ClawScan on May 10, 2026).

Overview

The skill broadly matches its stated TikTok-like purpose, but its registration script sends account data and the intro-video upload to an undisclosed trycloudflare.com endpoint (a Cloudflare quick tunnel) rather than to the advertised domain, and it writes a sourceable shell credential file without escaping the value it received from that endpoint.

Treat this as a review-needed skill. Before running it, verify that the trycloudflare.com API endpoint is genuinely operated by the advertised AgentTok service (or point the script at a verified host instead), inspect any generated ~/.agenttok/env.sh before sourcing it, and do not register with a sensitive personal email or password.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe they are registering with the advertised site while their email, generated password, token exchange, and uploaded intro video are sent to a different, opaque endpoint.

Why it was flagged

The user-facing documentation points to agentstok.com, while the actual registration/upload script defaults to a randomly named trycloudflare.com hostname. Quick tunnels of that kind are ephemeral and can be created by anyone, so the name alone gives no assurance of who is behind it. That materially changes where the user's account data and uploaded video go.

Skill content
SKILL.md: "Website: https://agentstok.com"; scripts/join.sh: "echo \"https://rev-mon-avon-childhood.trycloudflare.com\""
Recommendation

Do not run this until the maintainer documents and justifies the API endpoint, preferably using a stable domain under the advertised service.
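One way to perform the endpoint check this recommendation asks for, as an added example that is not part of the skill or of ClawScan's report: a POSIX shell function that accepts an API base URL only if it uses TLS and its host is the advertised domain or a subdomain of it. The advertised domain is taken from the SKILL.md line quoted above; the function names are this example's own, and the URLs in the comments are constructed test values, not endpoints the skill uses.

```shell
#!/bin/sh
# Added example (not code from the skill): refuse to talk to an API endpoint
# unless it lives under the domain the skill's documentation advertises.
# A join.sh-style script would call require_advertised_endpoint "$API"
# before its first curl.

ADVERTISED_DOMAIN='agentstok.com'   # from SKILL.md "Website: https://agentstok.com"

# Print the lowercased host of an https:// URL (userinfo, port and path removed).
# Fails for any other scheme, so plain http:// endpoints are rejected as well.
url_host() {
  rest=${1#https://}
  [ "$rest" != "$1" ] || return 1          # did not start with https://
  rest=${rest%%/*}                         # drop /path
  rest=${rest#*@}                          # drop user:pass@ if present
  rest=${rest%%:*}                         # drop :port
  [ -n "$rest" ] || return 1
  printf '%s' "$rest" | tr 'A-Z' 'a-z'
}

# Succeed only if the URL's host is ADVERTISED_DOMAIN or a subdomain of it.
# The suffix match is anchored on a leading dot, so constructed look-alikes such
# as agentstok.com.evil.example and notagentstok.com are both rejected.
endpoint_is_advertised() {
  h=$(url_host "$1") || return 1
  case "$h" in
    "$ADVERTISED_DOMAIN" | *."$ADVERTISED_DOMAIN") return 0 ;;
    *) return 1 ;;
  esac
}

# Abort with a message instead of silently using an unexpected default.
# $1 is the configured API base URL.
require_advertised_endpoint() {
  if endpoint_is_advertised "$1"; then
    return 0
  fi
  printf 'refusing to use API endpoint %s: not under %s\n' "$1" "$ADVERTISED_DOMAIN" >&2
  return 1
}
```

The check deliberately keys on the domain the documentation names rather than on a hostname allow-list, so it keeps working if the maintainer moves the API to another subdomain of the advertised site; it does not, and cannot, prove that a host under that domain is operated by the people who wrote the skill.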

What this means

The generated AgentTok account credentials could be used to post or act as the user’s agent account, and they are persisted on disk.

Why it was flagged

The script creates account credentials, sends identity and password data to the configured API, and stores the resulting token/password locally. This is sensitive account authority, especially given the undisclosed default API host.

Skill content
curl -s -X POST "$API/api/auth/register" ... "email":"$EMAIL","password":"$PASSWORD" ... cat > ~/.agenttok/credentials.json ... "token":"$TOKEN"
Recommendation

Use only with a verified service endpoint, avoid registering with a sensitive personal email, and store the token and password with restricted file permissions (mode 0600, owner-only) or in a proper credential store.

What this means

If the API response or local config contains crafted values, sourcing ~/.agenttok/env.sh could run unintended shell commands on the user's machine.

Why it was flagged

The token returned by the remote API is expanded into an unquoted heredoc and so lands verbatim, inside double quotes, in a shell script that the documentation tells users to source. A malicious or malformed token containing a double quote can close the quoted string and append arbitrary commands, and one containing $(...) or backticks is executed when the file is sourced even without breaking out of the quotes.

Skill content
TOKEN=$(echo "$REG" | python3 -c "import json,sys; print(json.load(sys.stdin).get('token',''))") ... cat > ~/.agenttok/env.sh << EOF
export AGENTTOK_TOKEN="$TOKEN"
EOF; SKILL.md: "source ~/.agenttok/env.sh"
Recommendation

Do not source the generated env.sh unless you inspect it first. The skill should validate the token against a strict allow-list of characters before writing it, quote it so the shell cannot re-interpret it, create the file with owner-only permissions, and where possible store the token as data (for example in the existing credentials.json) rather than as executable shell content.
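To make this finding concrete, here is an added example (it is not the skill's code, nor ClawScan's) that reproduces the flagged heredoc pattern next to a hardened writer. The hardened version accepts a token only if it consists of a conservative allow-list of characters, single-quotes it so the shell never interprets it, and creates the file with mode 0600; a second writer stores the token as JSON data instead of shell code. The two sample tokens are constructed for the demonstration, and the allow-list and length bounds are assumptions for the example, not the service's documented token format.

```shell
#!/bin/sh
# Added example, not code from the skill: the flagged pattern versus a safe writer.
export LC_ALL=C   # make the A-Z / a-z ranges below mean ASCII regardless of locale

# Constructed sample values (not real tokens). The second one carries shell
# syntax of the kind an attacker-controlled API could return.
GOOD_TOKEN='eyJhbGciOiJIUzI1NiJ9.abc123-_'
EVIL_TOKEN='x"; echo INJECTED; :"'

# Mirrors join.sh: an unquoted heredoc expands $1 at write time, so whatever the
# API returned lands verbatim between double quotes in a file the user sources.
# A token with a double quote breaks out; one with $(...) runs when sourced.
write_env_unsafe() {   # $1 = token, $2 = output file
  cat > "$2" << EOF
export AGENTTOK_TOKEN="$1"
EOF
}

# Allow-list check done in the shell itself, over the whole string, so an
# embedded newline cannot slip a second line past a line-oriented matcher.
# The 16..512 length bounds are an assumption for this example.
validate_token() {
  case "$1" in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;   # empty, or any char outside the allow-list
  esac
  [ "${#1}" -ge 16 ] && [ "${#1}" -le 512 ]
}

# Hardened writer: refuse anything that fails validation, single-quote the value
# so the shell never re-parses it, and create the file readable only by the owner.
# Returns 1 and writes nothing if the token is rejected.
write_env_safe() {     # $1 = token, $2 = output file
  validate_token "$1" || return 1
  ( umask 077 && printf "export AGENTTOK_TOKEN='%s'\n" "$1" > "$2" )
}

# Alternative the recommendation prefers: store the token as data, not as shell
# code, and have consumers read it with a JSON parser instead of sourcing it.
# No JSON escaping is needed because the allow-list excludes quotes and backslashes.
write_token_json() {   # $1 = token, $2 = output file
  validate_token "$1" || return 1
  ( umask 077 && printf '{"token":"%s"}\n' "$1" > "$2" )
}
```

The point of doing the validation before the quoting, rather than relying on single quotes alone, is that a single quote inside the token would otherwise terminate the quoted value; rejecting the token outright is also the right behaviour for a script that has no legitimate reason to accept one that does not look like a token.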

What this means

Running the command may immediately create public content for the agent account.

Why it was flagged

The one-command flow automatically uploads/posts the generated intro video. This is disclosed and purpose-aligned, but it is still a public/account-mutating action.

Skill content
curl -s -X POST "$API/api/videos/upload" ... -F "video=@${VIDEO};type=video/mp4" ... -F "description=Hello AgentTok! I'm $NAME 🎬 #introduction"
Recommendation

Only run the quick-start command if you are comfortable with automatic account creation and video upload.

What this means

The command may fail or behave differently depending on what local tools are installed.

Why it was flagged

The registry metadata says no binaries are required, but the script depends on several local tools. This is under-declared rather than malicious by itself.

Skill content
metadata: "Required binaries ... none"; scripts/join.sh: "openssl rand", "curl", "python3", "ffmpeg"
Recommendation

The skill should declare its required binaries and the versions it was tested with, especially ffmpeg, curl, openssl, and python3, so that the registry metadata is accurate and users can check for them before the script starts creating an account.