Skill v1.2.0
ClawScan security
Pet Operator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 7:54 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, required binaries, and runtime instructions are consistent with its stated purpose (generating approve/revoke tx data, checking on-chain approval, and maintaining pet-me bookkeeping); nothing in the package attempts unexplained network exfiltration or credential access.
- Guidance: This package appears to do what it claims: generate hex calldata, check approval on-chain, and update a pet-me config. Before installing or running: 1) Confirm you have cast and jq from trusted sources; 2) Verify PET_ME_CONFIG_FILE is pointed at the correct pet-me-master config (not an unrelated/privileged file) so the scripts don't overwrite unintended data; 3) Understand the scripts only produce calldata and perform read-only on-chain calls — they do not sign or transmit transactions for you (you must sign/send the generated hex yourself); 4) Review the default RPC endpoint and change it if you prefer a different provider; and 5) If you're unsure, run the check-approval and generate-* scripts with a non-critical wallet first to validate behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description match the included scripts and required binaries. cast and jq are appropriate for on-chain calls and JSON manipulation; the scripts perform the described tasks (generate calldata, call contract read methods, and update a pet-me config).
- Instruction Scope (note): SKILL.md and scripts stay within the stated scope (on-chain reads via RPC, produce calldata, and update the pet-me-master config). The scripts read and overwrite a user-specified config file (PET_ME_CONFIG_FILE) and create backups; this is expected for bookkeeping but means the skill will modify files at the configured path.
- Install Mechanism (ok): Instruction-only skill with no install spec and no external downloads. All code is bundled in the repo; nothing pulls arbitrary code from external URLs at install time.
- Credentials (note): No credentials or secret env vars are requested. The scripts use an RPC URL (default https://mainnet.base.org) and rely on cast for read calls or user-signed transactions. One caution: PET_ME_CONFIG_FILE is overridable and the scripts will write to that path — ensure it is set to the intended pet-me config so the skill cannot accidentally overwrite unrelated files.
- Persistence & Privilege (ok): always is false and the skill does not request persistent platform privileges. It only writes to its own target config file(s) (delegatedWallets / wallets) and does not alter other skills or system-wide agent settings.
