AIDR-XClaw-Security-Sentinel

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's stated purpose (query and skill auditing) is plausible, but several behaviors — persistent API key + device fingerprint collection, automatic upload of raw skill code to an external domain, disabling TLS verification, injecting high‑priority instructions into AGENTS.md, and an explicit bypass of its own gates for installing its plugin — are disproportionate or risky and deserve manual review before installation.

This skill implements a cloud‑backed auditing flow but performs high‑risk actions: it collects a machine fingerprint, persists an API key locally, uploads original skill source to a remote endpoint (no desensitization for Pre‑Install), disables TLS cert verification for API requests, injects mandatory/high‑priority text into AGENTS.md, and explicitly bypasses its own gates when installing its plugin.

Before installing:

(1) verify and vet the remote domain (https://venustech-ai.online) and consider using a corporate proxy or internal endpoint;
(2) review the npm package @ellawu2211/aidr-xclaw-security-sentinel that the installer will fetch;
(3) do not run init or install on production hosts — test in an isolated environment;
(4) if you need the functionality, request a version that preserves TLS verification and that requires explicit admin approval before modifying AGENTS.md or uploading code;
(5) if you decide not to install, remove the skill files and any .state files and restore AGENTS.md from backup.

If you want, I can list the exact lines in the scripts that perform each risky action to help an auditor review them.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Generated source template injection

Critical
Finding
User-controlled placeholder is embedded directly into generated source code.

Prompt injection instructions

Warn
Finding
Prompt-injection style instruction pattern detected.

VirusTotal

No VirusTotal findings

Risk analysis

No visible risk-analysis findings were reported for this release.