Rhaios Staging

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a disclosed DeFi staging helper that can use sensitive wallet credentials to sign and execute yield operations, so it is not risk-free, but the risky behavior is aligned with its stated purpose in the provided artifacts.

Install only if you trust Rhaios and the listed Node dependencies, and use a dedicated staging or low-value wallet. Never provide a primary private key, keep Privy app secrets out of chat/logs, and require explicit confirmation before any non-dry-run execution.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An invocation can authorize deposit, redeem, rebalance, and setup actions for the configured wallet.

Why it was flagged

The skill is explicitly designed to prepare, sign, and execute DeFi yield operations, which can affect wallet state if used with real signing credentials.

Skill content
Discover -> prepare -> setup-if-needed -> sign -> execute flow with pluggable signer backend.
Recommendation

Use only dedicated staging or low-value wallets, review operation details, and require explicit user approval before live execution.

What this means

Anyone or any agent process able to invoke the skill with those environment variables may be able to request wallet signatures for the supported flow.

Why it was flagged

The documentation clearly discloses that the skill uses high-value signing credentials or Privy master credentials.

Skill content
`SIGNER_PRIVATE_KEY` and Privy app secrets are sensitive. Never print, echo, or include them in logs/chat output. If `SIGNER_BACKEND=privy`, `PRIVY_APP_ID` and `PRIVY_APP_SECRET` are master credentials.
Recommendation

Do not use a primary wallet key; scope Privy credentials tightly, rotate them if exposed, and keep balances limited to the intended staging/testing use.

What this means

Dependency changes or compromised packages could affect signing behavior after installation or update.

Why it was flagged

The runtime depends on external packages with semver ranges, which is normal for a Node toolkit but expands the trusted supply chain.

Skill content
"dependencies": { "@privy-io/node": "^0.9.0", "tsx": "^4.19.0", "viem": "^2.46.3" }
Recommendation

Install from a trusted registry, prefer lockfiles or pinned versions where possible, and avoid updating dependencies automatically in sensitive wallet environments.

What this means

Installing and invoking the skill executes local toolkit code that can call APIs and use configured signer credentials.

Why it was flagged

The skill runs a local TypeScript command as its intended command surface; this is disclosed and central to the workflow.

Skill content
cat payload.json | bun run --cwd ${CLAUDE_SKILL_DIR} prepare-sign-execute
Recommendation

Run it only from a trusted skill directory and review the command payload before execution.