Skill v0.1.0

ClawScan security

Send Usdc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:57 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent with its stated purpose (sending USDC via an npx CLI); the main operational risk is that it runs a third‑party npm package at runtime.
Guidance
This skill is coherent for sending USDC, but it runs 'npx awal@latest' at runtime — that fetches and executes code from the npm registry each time. Before using: 1) confirm you trust the 'awal' package (check its npm/github page, maintainers, and recent releases); 2) be cautious when authenticating wallets — never paste private keys into prompts you don't trust and prefer hardware wallets or well-known wallet flows; 3) test with a very small amount first; 4) verify recipient addresses and ENS resolutions carefully before confirming a send. If you need stronger assurance, ask for the package's source URL or use a locally audited CLI instead of npx@latest.

Review Dimensions

Purpose & Capability
ok: Name and description match the runtime instructions: the SKILL.md only tells the agent to run the 'awal' CLI via npx to check status, check balance, authenticate, and send USDC. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
ok: Instructions stay on‑topic: they describe how to check auth/status, compose the send command, handle ENS resolution, and handle common errors. They do not instruct the agent to read arbitrary files, exfiltrate data, or access unrelated system state. They reference a separate 'authenticate-wallet' skill for login steps.
Install Mechanism
note: No install spec is included, but allowed-tools and the SKILL.md rely on running 'npx awal@latest ...' which dynamically downloads and executes a package from the public npm registry. This is expected for a CLI helper but is a moderate risk because arbitrary remote code will be executed at runtime.
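The Guidance and the Install Mechanism note above come down to one practical check: is the package the skill executes pinned to a version whose tarball you can verify, or does `npx awal@latest` hand control to whatever the registry serves at the next run? The Python below is an added example, not ClawHub's scanner and not the skill's own code. It flags every `npx` invocation in a SKILL.md that is not pinned to an exact version, and verifies a tarball against the SRI `dist.integrity` string npm records per published version (the value `npm view awal@<version> dist.integrity` prints). The SKILL.md text, its frontmatter field names, the `awal` subcommands and the tarball bytes are all constructed for the demo and are not taken from the real skill or package.

```python
"""Offline checks for the risk the scan calls out: a skill that runs a package
through `npx <name>@latest` (or with no version at all) executes whatever the
registry serves at run time.  Two helpers:

  find_npx_invocations(text)  - list every npx call in a SKILL.md and say
                                whether it is pinned to an exact version
  verify_integrity(data, sri) - check tarball bytes against npm's per-version
                                dist.integrity string before executing them

Added example, not ClawHub's or the skill's own code.  SKILL_MD and TARBALL
below are constructed; the frontmatter fields and CLI subcommands are assumed.
"""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional

# Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

# A package spec as npx sees it: optional @scope/, a name, optional @<version|tag|range>.
SPEC = re.compile(r"^(?P<name>(?:@[^/@\s]+/)?[^/@\s]+)(?:@(?P<spec>\S+))?$")

# Everything after the word `npx` on a line (works inside backticks or Bash(...) too).
NPX_RE = re.compile(r"\bnpx\b(?P<rest>[^\n]*)")


@dataclass
class NpxInvocation:
    line: int
    package: str
    spec: Optional[str]   # None when the call gives no @... suffix (npm then uses 'latest')
    pinned: bool          # True only for an exact semver version


def find_npx_invocations(text: str) -> List[NpxInvocation]:
    """Return one entry per line that runs npx, classifying its package spec."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = NPX_RE.search(line)
        if not m:
            continue
        tokens = m.group("rest").split()
        j, spec_token = 0, None
        # Skip npx's own flags; -p/--package names the package explicitly.
        while j < len(tokens) and tokens[j].startswith("-"):
            if tokens[j] in ("-p", "--package") and j + 1 < len(tokens):
                spec_token = tokens[j + 1]
                j += 2
            else:
                j += 1
        if spec_token is None and j < len(tokens):
            spec_token = tokens[j]
        sm = SPEC.match(spec_token) if spec_token else None
        if not sm:
            continue
        spec = sm.group("spec")
        found.append(NpxInvocation(
            line=lineno,
            package=sm.group("name"),
            spec=spec,
            pinned=bool(spec and EXACT_SEMVER.match(spec)),
        ))
    return found


def sri_for(data: bytes, algo: str = "sha512") -> str:
    """Build an SRI string ('sha512-<base64 digest>') in the form npm publishes."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_integrity(data: bytes, integrity: str) -> bool:
    """Check tarball bytes against a dist.integrity SRI string.

    A match proves the bytes you are about to execute are the ones the registry
    recorded for that exact version, something an @latest fetch never gives you.
    """
    algo, _, expected_b64 = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    actual = base64.b64encode(hashlib.new(algo, data).digest()).decode()
    return hmac.compare_digest(actual, expected_b64)


# Constructed sample SKILL.md (field names and subcommands assumed for the demo).
SKILL_MD = """\
---
name: send-usdc
allowed-tools: Bash(npx awal@latest *)
---
Run `npx awal balance` to see the balance.
Send: npx awal@latest send <amount> <recipient>
Pinned: npx --yes awal@0.4.2 send <amount> <recipient>
"""

# Constructed stand-in for a downloaded package tarball.
TARBALL = b"\x1f\x8b\x08\x00constructed-tarball-bytes"

if __name__ == "__main__":
    for inv in find_npx_invocations(SKILL_MD):
        state = "pinned" if inv.pinned else "FLOATING"
        print(f"line {inv.line}: {inv.package}@{inv.spec or 'latest (implicit)'} -> {state}")
    recorded = sri_for(TARBALL)                      # what `npm view pkg@ver dist.integrity` would print
    print("integrity ok:", verify_integrity(TARBALL, recorded))
    print("tampered ok: ", verify_integrity(TARBALL + b"!", recorded))
```

Pinning (`npx --yes awal@0.4.2`) still downloads at each run, so for the "locally audited CLI" the guidance suggests, fetch the tarball once with `npm pack awal@<version>`, confirm `verify_integrity` against the registry's `dist.integrity`, read the unpacked source, and install that exact version instead of invoking the dist-tag.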
Credentials
ok: The skill does not request any environment variables, credentials, or config paths. Wallet authentication is delegated to the 'awal' CLI (or the authenticate-wallet skill) which may prompt the user for credentials or perform an OAuth flow; that is consistent with the purpose and not requested directly by this skill.
Persistence & Privilege
ok: The skill does not request persistent inclusion (always:false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (disable-model-invocation:false), which is the platform default and not by itself a red flag here.