Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pet Me Master - Autonomous Aavegotchi Petting
v2.4.4
Batch-pet Aavegotchis on Base via Bankr with cooldown checks, reminder automation, and natural-language routing.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Declared purpose (batch-petting via Bankr) aligns with required binaries (cast, jq, curl, python3) and BANKR_API_KEY. However there are inconsistencies: several files expect different config schemas (README/SKILL.md examples use config.walletAddress/gotchiIds, while scripts/pet-all-bankr.sh expects ~/.openclaw/.../config.json to contain .wallets[] objects). clawhub.json lists dependencies (foundry, bankr-cli, bc) that are not enforced by SKILL.md. These mismatches are sloppy and could lead to surprises.
Instruction Scope
Runtime instructions and scripts legitimately query the chain, call Bankr API, and send Telegram notifications. But the skill also: (a) tries to read Bankr config files belonging to another skill (~/.openclaw/skills/bankr/config.json and workspace variant), (b) will call systemctl --user to read exported environment variables, (c) schedules recurring background jobs (at, cron or background sleep) and asks the agent to create cron jobs. Reading other skill config and systemctl environment and installing persistent scheduled tasks expands the scope beyond a simple 'one-off' action — user should expect persistent automation and cross-skill config access.
Install Mechanism
No external install/download spec; the skill is instruction- and script-based. Nothing in the manifest downloads or executes code from untrusted URLs. Code is included in the package, so install risk is limited to running local scripts.
Credentials
The only explicitly required env var is BANKR_API_KEY which is reasonable for submitting transactions via Bankr. The code also reads PET_ME_* and TELEGRAM_* environment variables (for wallet/chat resolution) and will probe systemctl user environment and other skill config files for the Bankr API key. That behavior is consistent with the feature but raises a mild privacy/credential-surface concern: it will attempt to discover the Bankr key from multiple places and will access another skill's config file if present.
Persistence & Privilege
The package intentionally implements persistent automation: it schedules at/cron jobs, spawns background sleeps, and provides an init-automation script that asks an agent to create cron jobs. Although always:false (not force-installed), once a user runs the init/setup the skill can self-perpetuate and run unattended transactions via Bankr. This persistent capability combined with transaction submission privileges increases blast radius and deserves explicit user consent and periodic review.
What to consider before installing
What to check before installing or running this skill:
- Confirm you trust Bankr and the BANKR_API_KEY you will provide. The skill will submit transactions using that key and will attempt to read the key from env, systemctl user env, or other Bankr config files.
- Inspect and correct your config.json. There are inconsistent config schemas across docs and scripts (some scripts expect .gotchiIds and walletAddress, others expect .wallets[] entries). Ensure your file matches the script you intend to run.
- Test in dry-run mode first (many scripts support --dry-run or pet-all.sh will emit a dry-run JSON) and run commands manually before enabling automation.
- Review the transaction calldata logic. I noticed mismatches in documentation vs code (different function selector noted in references vs encode_interact_calldata). That can cause incorrect calldata/failed transactions — ask the maintainer or verify the calldata with a safe dry-run.
- Be aware this skill schedules persistent background jobs (at/cron/sleep). If you enable automation (init-automation), it will create scheduled work that runs indefinitely and can submit real transactions if conditions are met. Only enable after you confirm behavior and set appropriate safeguards.
- Because the scripts read other files (~/.openclaw/skills/bankr/config.json) and probe systemctl environment, keep sensitive keys limited and consider using a throwaway Bankr key with minimal privileges for testing.
If the maintainer can provide a single canonical config spec and confirm the correct interact() selector/calldata encoding, and if you validate Bankr's API behavior in dry-run mode, the inconsistencies look like sloppy engineering rather than malicious intent. Until then, treat it cautiously and run as a human-in-the-loop rather than granting fully unattended automation.
scripts/send-reminder.js:76
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: cast, jq, curl, python3
Env: BANKR_API_KEY
