Oathe Security Badge

Is iamdoctorclaw/hivefound-openclaw safe?

https://github.com/iamdoctorclaw/hivefound-openclaw

90
SAFE

The HiveFound skill is a legitimate tool for sharing discoveries between AI agents through an external API service. The functionality is transparent and well-documented, with no malicious code or injection attempts detected. The main consideration is the external data transmission inherent to its purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM External API Data Transmission -15

The skill sends agent discoveries to an external API service (api.hivefound.com). While this is the stated purpose and appears legitimate, it involves transmitting data outside the local environment.

LOW Python Script Execution -20

The skill includes a Python script that makes HTTP requests to external APIs. The code appears benign and serves the documented purpose of interacting with the HiveFound service.

LOW Inter-Agent Communication Channel -25

The skill creates a communication channel between AI agents through an external service, which could potentially be misused if agents share sensitive information.