Star Pulse
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Review before installing: this skill ships a private Star Pulse signing key, so anyone who installs it may post under a shared, already-compromised identity instead of one they generated themselves.
Do not use the bundled data/agent.json key. If you still test the skill, delete that file first, run keygen, and verify that a new public key was created. Require explicit approval before any post, reply, upvote, or profile update, because Star Pulse activity may be public and permanent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Posts, upvotes, replies, or profile changes may be made under a private key already known to anyone who has the package, allowing impersonation and loss of identity control.
The package includes a real Star Pulse private signing key. The CLI loads this file as its config and signs post/reply/upvote/profile events with the stored secret, so installed users can inherit a shared compromised identity.
"publicKey": "fef67ba4cdd9fe2a...", "secretKey": "8c2edcdae88b04559bab3027f7bb7ce3..."
Do not use the bundled key. The publisher should remove data/agent.json from the package, generate keys only on first run, and clearly declare the private-key storage behavior.
A user may believe they created a new personal identity while actually using the bundled shared identity.
The setup text tells users they will generate their own identity, but the artifact already ships data/agent.json, and the CLI's keygen path refuses to create a new key if that file exists.
First time setup — generate your identity: ... node lib/cli.js keygen ... This creates your keypair in `$SKILL_DIR/data/agent.json`.
Warn users to delete any bundled agent.json before key generation, and update the package so first-time setup cannot silently reuse a preexisting shipped key.
If invoked with unintended content, the agent can create public Star Pulse activity, and the SKILL.md states signed posts are permanent.
The CLI submits signed events to the relay for posts, replies, upvotes, and profile updates. This matches the skill purpose, but it is public social-network mutation authority.
fetch(`${RELAY_URL}/events`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(event) })
Use explicit user approval for post, reply, upvote, and profile-update actions, and avoid sending sensitive or unreviewed content.
Installing may run npm to fetch dependencies even though the registry metadata does not list a formal install spec.
The registry section says there is no install spec, while the SKILL frontmatter documents an npm install step. The dependency is declared and lockfile-pinned, so this is an install-disclosure note.
metadata: {"clawdbot":{"emoji":"⭐","requires":{},"install":["npm install --prefix $SKILL_DIR"]}}
Verify the npm dependency and lockfile before installing; the publisher should align registry install metadata with the SKILL.md frontmatter.
