Skill v1.0.0
ClawScan security
Gotchi Pocket · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 7:55 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requested credential are coherent with its stated purpose (managing Aavegotchi pockets via the Bankr agent); nothing appears to be trying to do unrelated or hidden actions.
- Guidance: This skill appears to do what it says: it reads on-chain data via cast and uses Bankr to sign/submit transactions. Before installing, confirm you trust the Bankr service (default BANKR_API_URL is https://api.bankr.bot) because the BANKR_API_KEY allows submission of transactions and querying the Bankr agent. Note the scripts will try to auto-discover a Bankr API key in your systemd user environment and OpenClaw skill config paths (~/.openclaw/...), so if you don't want that behavior either (a) don't place Bankr credentials in those locations or (b) review/modify the scripts. If you plan to run withdraw or send commands, keep the default owner check enabled (SKIP_BANKR_OWNER_CHECK=0) and use the natural-language approval flag (--approve-withdraw) to avoid accidental outgoing transfers. Finally, consider auditing the included scripts locally (they are plaintext) and pinning BANKR_API_URL or supplying a dedicated API key with restricted scope if Bankr supports it.
Review Dimensions
- Purpose & Capability (ok): Name/description (gotchi pocket management on Base via Bankr) match the actual behavior: resolving gotchi/pocket addresses, checking balances, and submitting transactions via Bankr. Required binaries (cast, jq, curl, python3) are appropriate for on-chain calls, JSON handling, HTTP calls, and the natural-language dispatcher.
- Instruction Scope (note): SKILL.md directs the agent to run included scripts that query the chain (via cast) and communicate with Bankr's API to look up the Bankr wallet and submit transactions. The scripts enforce an owner check by default and require explicit approval for natural-language withdraw intents. One notable behavior: the scripts will attempt to find a Bankr API key in multiple places (env, systemd user environment, and other local OpenClaw Bankr skill config paths), which is out-of-band relative to the simple "provide BANKR_API_KEY" expectation but is intended to reuse an existing Bankr credential.
- Install Mechanism (ok): No remote install/downloads or archive extraction are used; the skill is delivered as scripts included in the package and runs locally. There are no brew/npm/go installs or remote extracts in the install spec.
- Credentials (note): Only one primary credential is required (BANKR_API_KEY), which makes sense because Bankr is used to sign/submit transactions. However, the scripts also look for that API key in the systemd user environment and in other local skill config files (~/.openclaw/skills/bankr/config.json and the workspace path). This file/systemd probing could be surprising to users who expect only the explicit env var to be used; it does not appear malicious but is broader file access than the high-level docs state.
- Persistence & Privilege (ok): The skill does not request permanent/global inclusion (always=false) and does not modify other skills or system settings. It only reads local config files and environment variables and submits transactions through the Bankr API; it does not write persistent agent configuration.
