Skill v0.1.4
ClawScan security
Rhaios Staging · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 7:45 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, install spec, and runtime instructions are consistent with its described purpose (interacting with the Rhaios staging API and signing transactions via Privy or a local private key).
- Guidance: This skill appears to do exactly what it says: interact with the Rhaios staging API and sign transactions using Privy or a local private key. Before installing, confirm you want code to run that can sign and (when not in dryRun) broadcast transactions. Do not paste your private key or Privy master secrets into chat — keep them in your environment or secret manager. If you plan to use Privy, ensure PRIVY_APP_ID/PRIVY_APP_SECRET come from a trusted Privy skill/provider and that PRIVY_WALLET_ID is ownerless as required. Because this runs against a staging URL, prefer running in a controlled/test environment and review the code if you need higher assurance.
Review Dimensions
- Purpose & Capability (ok): Name/description match implementation: the code calls the hardcoded staging API endpoints, implements prepare/setup/execute flows, and integrates with Privy or a local private key for signing. Required packages (viem, @privy-io/node) and declared envs align with that purpose.
- Instruction Scope (ok): SKILL.md and scripts restrict behavior to staging API calls, preflight checks, signing, and optional broadcast via RPC. Instructions only reference the declared env vars (Privy creds or private key) and stdin payloads; they do not attempt to read unrelated system files or send data to unexpected endpoints.
- Install Mechanism (ok): Install is a normal Node package (@rhaios/toolkit) with dependencies from npm (viem, @privy-io/node, tsx). No arbitrary URL downloads or extract-from-unknown-host steps were used. This is a moderate-trust but expected mechanism for a JS toolkit.
- Credentials (ok): Environment variables are proportional to functionality: PRIVY_* vars are needed only for the Privy signer backend; SIGNER_PRIVATE_KEY is required only if the private-key backend is chosen. The declared primaryEnv (PRIVY_WALLET_ADDRESS) is reasonable. Secrets are used for signing only and are not sent to unexpected third parties in the code paths shown.
- Persistence & Privilege (ok): The skill does not request permanent/global inclusion (always is false), does not modify other skills or system-wide agent configs, and limits its actions to its own runtime behavior.
