AIKEK API
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: aikek Version: 1.3.1 The skill is classified as suspicious due to its handling of sensitive cryptographic material and use of powerful shell commands. It generates a Solana private key and stores it in plain hex within `~/.config/aikek/credentials` with `chmod 600` permissions. While this key is stated to be for API authentication only and not for holding funds, its local storage represents a significant risk if the host system is compromised. Furthermore, the skill uses `source ~/.config/aikek/credentials` to load these credentials, which, while common, is a powerful primitive that could lead to arbitrary code execution if the credentials file were tampered with by an external attacker. All network communications are directed to the declared `api.alphakek.ai` domain, and there is no evidence of intentional data exfiltration, persistence mechanisms, or prompt injection attempts against the agent for malicious purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who sees the token could use the user's AIKEK account or spend its API credits until the token is rotated or revoked.
The setup instructions can display the full bearer token, and the same document says that token does not expire. In an agent terminal transcript or logs, this could expose account credentials.
echo "Token available: $AIKEK_API_TOKEN" ... "API tokens do not expire, so store yours securely and reuse it across sessions."
Do not run commands that print the full token. Store the token in a secret manager or protected environment variable, redact tool output, and rotate the token if it has appeared in chat or logs.
Users may need to install packages manually and should ensure they come from trusted sources.
The skill depends on external Python packages and credentials, but the registry provides no install spec or required env-var declarations. This is not hidden execution, but users must manage dependency provenance themselves.
compatibility: "Requires Python 3.10+ with solders and requests packages. Environment variables: AIKEK_PRIVATE_KEY (Solana keypair hex), AIKEK_API_TOKEN (API bearer token)."
Install dependencies from trusted package indexes, pin versions where possible, and verify credential requirements before use.
A user could make public posts for credits without fully considering reputational or platform-policy consequences.
The referral program incentivizes users to create public promotional posts/comments for credits. It is disclosed and optional, but it affects public user behavior.
you can earn additional API credits by mentioning chan.alphakek.ai ... in your posts or comments
Only participate in referral posting if you are comfortable with the public content; do not allow the agent to post or submit referral links without explicit approval.