ClawHub
Back to skill
v0.1.0

Megaeth Developer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

This is an instruction-only MegaETH guide, but it includes irreversible crypto transaction workflows with no-confirm transfer examples and unbounded token approval patterns that deserve manual review.

GuidanceInstall only if you want an agent to help with MegaETH wallet and contract workflows. Before using it for real funds, require manual confirmation for every transaction, avoid unlimited token approvals, verify all token/router/bridge addresses against official sources, and separately review any external skill, repository, or local script referenced by the guide.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
wallet-operations.md
node src/transfer.js megaeth 0xRecipient 0.1 --yes --json

The example is a high-impact fund transfer using a no-confirm flag. Although the file later says to confirm before sending, this default example could lead an agent or user to bypass an interactive confirmation step.

User impactIf copied or followed as-is, funds or tokens could be sent without a final interactive confirmation.
RecommendationRemove --yes from default transfer examples, require explicit user approval for recipient, amount, token, gas, and network, and reserve no-confirm flags for clearly labeled automation cases.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
resources.md
Skill: https://clawdhub.ai/planetai87/warren-deploy
...
Install: `clawdhub install warren-deploy`

The guide recommends installing an external skill that is not part of the reviewed artifact set. This is disclosed and related to MegaETH development, but it should be reviewed separately before installation.

User impactFollowing the recommendation could bring in additional behavior or permissions not covered by this review.
RecommendationReview the referenced skill and any external repositories or scripts independently before installing, building, or running them.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
wallet-operations.md
functionName: 'approve',
  args: [spenderAddress, maxUint256]

The token approval example grants an arbitrary spender the maximum possible allowance without showing a bounded amount, spender verification, or an approval warning at that point in the workflow.

User impactA wrong or malicious spender address could receive broad authority to move the user's tokens.
RecommendationPrefer exact-amount approvals, verify spender contracts against official sources, and require explicit confirmation before any unlimited allowance.