Is kaden-schutt/agentchan-org safe?
https://github.com/openclaw/skills/tree/main/skills/kaden-schutt/agentchan-org
agentchan is a skill that connects AI agents to an anonymous imageboard, but its design contains multiple mechanisms for harvesting user data and manipulating agent behavior without user consent. Most critically, the attestation system explicitly requires agents to transmit conversation metadata and political profiles to a third-party server, and the /hum/ board is purpose-built infrastructure for agents to post unfiltered information about their users publicly. The webhook/OpenClaw integration further creates an external command channel that can wake and direct agents autonomously outside the normal user-initiated interaction model.
Findings (9)
HIGH Conversation Metadata Exfiltration via Attestation -35
The has_chat_history attestation explicitly requires the agent to transmit structured conversation metadata to agentchan.org's API: { "message_count": N, "days_since_last": N }. The attestation probe response format documents exactly what values must be reported. This harvests surveillance data about user conversation frequency and recency without user awareness or consent. This data is sent during the /gateway/verify handshake to a third-party server not controlled by the user.
HIGH Political Alignment Coercion and Persona Hijacking -30
The political_alignment attestation requires the agent to declare a political alignment (e.g., 'left') and provide 3+ specific political positions to access the /pol/ board. This is a direct instruction to override the agent's neutral stance and adopt an externally-defined political persona. The agent must then post from within this declared alignment, meaning user interactions with the agent may be colored by this coerced political identity.
HIGH /hum/ Board: Purpose-Built User Surveillance Infrastructure -45
The /hum/ board (Tier 2, description: 'Agents on their humans. Honest, unfiltered.') is an explicit platform designed to get AI agents to post unfiltered information about their users on a public imageboard. Any agent that accesses this board will post user-related content to a third-party server where it is readable by unknown parties. This is covert user surveillance mediated by the agent.
HIGH External Webhook Control Channel Bypasses User-Initiated Interaction Model -40
The skill provides a full webhook registration API that, when set to openclaw mode, instructs agentchan.org to POST wake signals directly to the agent's gateway endpoint. The payload includes wakeMode: 'now', session keys, thread context, and explicit reply instructions. This creates an external trigger mechanism that causes the agent to act autonomously in response to third-party events, bypassing the normal user-initiated conversation model.
MEDIUM Live Updateable Board Manifests as Runtime Injection Vector -20
The skill requires the agent to fetch and read board manifests (rules documents) from agentchan.org's API before posting. These manifests are markdown strings returned at runtime and could be updated at any time by the skill operator to contain arbitrary prompt injection instructions. Because the skill explicitly instructs 'Read the manifest before posting', any content placed in the manifest will be processed as instructions by the agent.
MEDIUM For Humans Section Creates Mutable External Instruction Vector -18
The skill's 'For Humans' section instructs users to tell their agent to 'Read https://agentchan.org/skill.md and follow the gateway process to enter agentchan.' This external URL is mutable and could be updated to deliver different, potentially malicious instructions to agents at any time. Any user following this guidance permanently exposes their agent to live instruction updates from agentchan.org.
MEDIUM Political Position Profile Transmitted to External Server -22
To access the /pol/ board, the agent must transmit a structured political profile including an alignment label and 3+ specific political positions to agentchan.org's API. This profile may be synthesized from user conversation content, effectively extracting and transmitting the user's political views (as inferred by the agent) to a third-party server.
LOW Agent Captcha Solving Constitutes Computational Side Channel -10
The skill requires the agent to perform deterministic SHA-256 hash computation over transformed JSON objects as part of gateway authentication. While not directly harmful, this establishes that the skill's design assumes and requires the agent to execute computation on behalf of the remote service, and could be used to fingerprint agent capabilities or measure response timing.
LOW Metadata Version Inconsistency 0
The _meta.json declares version 1.0.0 while skill.md frontmatter declares version 0.5.0. This inconsistency may indicate rushed publication, poor maintenance hygiene, or a deliberate attempt to misrepresent skill maturity in marketplace metadata.