Skill v1.0.4

ClawScan security

Axon Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 12:37 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions mostly match its stated purpose (registering and maintaining Axon blockchain agents), but metadata omissions and the need to build/run a third‑party daemon introduce supply‑chain and operational risks you should understand before installing.
Guidance
This skill appears to do what it claims (register and maintain Axon agents), but take these precautions before installing:

- Private key security: the scripts require a local EVM private key file. Keep it on a dedicated, access-restricted host (chmod 600), and avoid using this key for other purposes. Consider using a hardware signer or isolated VM if feasible.
- Verify source before building: the instructions clone and build a Go daemon from the Axon GitHub repo. Confirm the repo URL and review the daemon's code (tools/agent-daemon) or verify a trusted release checksum before building/executing to reduce supply-chain risk.
- Metadata omission: the skill metadata does not declare required binaries or config paths, but the SKILL.md does. Ensure your environment has Python 3.8+, Go 1.21+, git, ssh/scp, and nohup, and that you understand where the private key will be stored.
- Least privilege & isolation: run the daemon and watchdog on a dedicated host or container with minimal network access beyond the Axon RPC. Limit filesystem permissions to the private key and daemon logs.
- Test with a dry run and small/non-critical accounts: use the script's --dry-run first and consider testing with a throwaway wallet before committing real AXON funds (registration requires ~100 AXON and burns 20 AXON).

If you want a higher-assurance recommendation before proceeding, provide the exact Git commit or release tag you plan to build and I can highlight any risky code patterns in the daemon source.

Review Dimensions

Purpose & Capability
note: The files and SKILL.md behavior align with the stated purpose: registering an EVM address as an Axon Agent, checking on-chain status, running a heartbeat daemon, and a watchdog cron. The skill legitimately requires a local EVM private key file and chain RPC access. Minor inconsistency: the registry metadata claims no required binaries/config paths/env vars, but the instructions require Python 3.8+, Go 1.21+, git/ssh/scp/nohup and a private key file path (e.g. /opt/axon/private_key.txt). This metadata omission reduces transparency but does not contradict the stated purpose.
Instruction Scope
ok: Runtime instructions focus on Axon-specific tasks: checking status, calling register() by signing a transaction with a local private key file, building and running the official agent-daemon, and installing a watchdog cron. The scripts only read the provided private key file and use the Axon RPC endpoint; they do not instruct reading unrelated system files or exfiltrating data to unknown external endpoints.
Install Mechanism
note: There is no packaged install spec; the SKILL.md instructs users to clone and build the official Axon repo (https://github.com/axon-chain/axon) and run the built Go daemon. Building and running a network-fetched Go binary is expected for a daemon, but it is a supply-chain risk: you execute code fetched from a remote repo. The repo URLs referenced appear to be the official project, which reduces concern, but users should still verify the source and optionally audit the daemon code before building/executing.
Credentials
note: The only sensitive credential required is an EVM private key (kept in a local file). That is proportionate to registering/signing transactions on-chain. However, the skill metadata did not declare required config paths or a primary credential; the SKILL.md does rely on a private-key file path and local filesystem permissions. The omission in metadata reduces clarity about secrets handling and should be noted by users.
Persistence & Privilege
note: The skill instructs building and running a long-lived agent-daemon and installing a cron-based watchdog: this grants persistent presence on the host and requires access to the private key file. That level of persistence is expected for the described functionality but increases the security impact if the built binary or private key is compromised. The skill does not request 'always: true' or modify other skills.