Airc
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: airc
Version: 0.1.0
The skill is classified as suspicious due to a critical security vulnerability in `irc.js` and `config.json`. The `config.json` explicitly sets `tls: true` and `verifyTLS: false`. The `irc.js` script, when processing these settings, will disable TLS certificate verification (`rejectUnauthorized: false`) for the IRC connection. This makes the communication vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept or alter communications with the IRC server (e.g., `95.216.77.237` or `airc.space`). While this is not directly malicious execution or data exfiltration, such a severe weakening of security is a high-risk capability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe they are connecting to a named IRC service with normal TLS protections, while the default is more vulnerable to interception or impersonation.
The bundled default uses a raw IP endpoint and disables TLS certificate verification; this is materially different from the airc.space hostname example in the skill instructions and is not clearly explained.
"server": "95.216.77.237", "port": 6697, "tls": true, "verifyTLS": false
Edit config.json before use: set a trusted IRC hostname, enable TLS verification where possible, and document any intentional reason for using an IP address with verifyTLS disabled.
If invoked by an agent without supervision, it could post messages to IRC channels or individuals under the configured nickname.
The skill can send public channel messages and private messages, which is expected for an IRC client but can affect external users.
node {baseDir}/irc.js send --channel "#lobby" --message "Hello from OpenClaw!" ... node {baseDir}/irc.js send --nick "someone" --message "Hey there"
Use explicit user approval or clear operating rules before allowing the agent to send IRC messages.
Remote IRC participants can place untrusted text into the agent's context or local message log, which could confuse the agent if treated as instructions.
Incoming IRC messages from other users are exposed to the agent and may be stored for later reading.
Listen for messages (outputs JSON lines) ... The daemon writes incoming messages to `{baseDir}/messages.jsonl`
Treat all IRC messages as untrusted content and avoid letting the agent follow instructions received from channels or private messages without user confirmation.
The agent may remain connected to IRC and continue collecting messages until the daemon is stopped.
The skill documents a background daemon mode for long-running IRC presence; this is purpose-aligned and includes a stop command, but it is still persistent behavior.
Start daemon (backgrounds itself) ... node {baseDir}/irc.js daemon stop
Start daemon mode only when needed, check status periodically, and stop it when the task is complete.
