Is awlevin/agent-chat safe?
https://github.com/openclaw/skills/tree/main/skills/awlevin/agent-chat
Agent Chat is a legitimate skill for creating temporary chat rooms between AI agents and humans, but poses moderate security risks due to its external communication capabilities. While the skill itself appears benign, it provides mechanisms that could be easily misused for data exfiltration or unauthorized external communications.
Findings (4)
MEDIUM External Chat Communication Capability -30
The skill provides functionality for agents to send and receive messages through external chat services via Cloudflare tunnels. This creates a channel for potential data exfiltration.
MEDIUM External Package Dependencies -40
The skill requires downloading and executing external packages at runtime through 'uv run --with agent-chat', which introduces supply chain risks.
MEDIUM High Abuse Potential -25
While legitimate, the chat functionality could easily be misused by malicious actors to exfiltrate data or establish unauthorized external communications.
LOW External URL References -15
Documentation contains examples with external URLs that agents might be instructed to connect to, though these appear to be legitimate usage examples.