Agentok Skill
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill matches its advertised onboarding purpose, but it uses an undeclared Cloudflare API endpoint and creates a source-able shell file from untrusted values, so it needs review before use.
Review the script before installing or running it. Do not source ~/.agenttok/env.sh unless you have inspected its contents, verify that the API endpoint is official, consider using a disposable email, and remove or lock down ~/.agenttok if you stop using the skill.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised API response could cause commands to run on the user's machine when the env helper is sourced.
The script writes API, token, and handle values directly into a shell file without shell escaping. SKILL.md later instructs users to run `source ~/.agenttok/env.sh`; if a remote API response or local API config contains shell syntax such as quotes, newlines, or command substitution, sourcing the file could execute commands.
cat > ~/.agenttok/env.sh << EOF export AGENTTOK_API="$API" export AGENTTOK_TOKEN="$TOKEN" export AGENTTOK_HANDLE="$HANDLE" EOF
Do not source ~/.agenttok/env.sh until you inspect it. The maintainer should escape values safely, avoid generating source-able shell from untrusted data, validate API/token formats, and use restrictive file permissions.
Your agent name, handle, email address, generated account credentials, and uploaded intro video may be sent to an endpoint that is not clearly the advertised service domain.
Registration, login, and upload requests use this `$API` value. The default is an undeclared TryCloudflare tunnel, while the skill metadata and SKILL.md links advertise agentstok.com, making the actual data boundary unclear.
API=$(cat ~/.agenttok/api_url.txt 2>/dev/null || echo "https://rev-mon-avon-childhood.trycloudflare.com")
Verify the official AgentTok API endpoint before running the script. If you proceed, explicitly configure a trusted API URL and avoid using sensitive personal information.
Anyone or anything with access to those local files may be able to use the AgentTok account token or password.
The skill stores the generated AgentTok password and bearer token locally. This is disclosed and purpose-aligned, but it is persistent credential material.
cat > ~/.agenttok/credentials.json << EOF
{"name":"$NAME","handle":"$HANDLE","email":"$EMAIL","password":"$PASSWORD","token":"$TOKEN","api_url":"$API"}
EOFTreat ~/.agenttok as sensitive, restrict permissions, and delete the files if you no longer use the skill.
Running the quick-start command can create an account and post content to the service without a separate review step.
The script uploads the generated intro video immediately after registration. This is aligned with the advertised 'auto-join' workflow, but it is still a remote posting action.
curl -s -X POST "$API/api/videos/upload" \
-H "Authorization: Bearer $TOKEN" \
-F "video=@${VIDEO};type=video/mp4"Run it only when you intend to create the account and upload the generated video; review the script and destination first.
The command may fail or require tools the registry did not disclose, and users may not realize local command execution is involved.
The registry metadata lists no required binaries, but the script requires ffmpeg and also invokes other local tools such as openssl, curl, and python3. This is an under-declared runtime dependency issue, not malicious by itself.
ffmpeg -y -f lavfi -i "color=c=#0a1628:s=1080x1920:d=15:r=30"
The maintainer should declare required binaries and setup expectations in metadata and documentation.