Skill v1.0.0
ClawScan security
KarmaBank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:00 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's documentation claims a runnable CLI to borrow USDC, but the bundle lacks implementation files and includes incoherent packaging/dependency references and optional sensitive API keys—this mismatch warrants caution before installing or providing credentials.
- Guidance: Do not install or provide secrets to this skill yet. The package in the registry contains only docs and package.json but no source/CLI, and the package.json references a local dependency path—this indicates the bundle is incomplete or packaged for a different workspace. If you want to proceed:
  1. Inspect the upstream GitHub repo (https://github.com/abdhilabs/karmabank) and verify the source code, build artifacts, and published releases match the SKILL.md.
  2. Never supply production CIRCLE_API_KEY or CIRCLE_ENTITY_SECRET without code review; use testnet/dev keys and a sandboxed environment.
  3. Be cautious running npm install from an untrusted repo (it downloads remote packages).
  4. Prefer only installing from a verified release or after the author corrects the local file dependency and includes the CLI source.
  If you cannot verify these, treat the skill as untrusted and avoid providing credentials or running its install commands.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and README describe a CLI (karmabank) that interacts with Moltbook and Circle to register agents, create wallets, and move USDC. However, the skill bundle contains no source files or CLI implementation—only package.json and docs—so the claimed functionality is not present in the package. package.json also references a local dependency ('file:../skills/circle-wallet'), which is incoherent for a published skill and will fail or pull in unexpected local content when installed.
- Instruction Scope (note): Runtime instructions tell the agent to run npm install, npm run build, and then CLI commands that call external services (Moltbook, Circle). The steps themselves are limited to expected operations for this purpose, but they require executing package installs and network calls. The SKILL.md does not instruct reading unrelated system files, but it does rely on optional environment secrets for Circle (sensitive) and Moltbook.
- Install Mechanism (concern): There is no install spec in the registry (instruction-only), but the README instructs running npm install, which would fetch dependencies from npm. package.json lists reasonable public packages but also a local file dependency ('@circle/openclaw-wallet-skill': 'file:../skills/circle-wallet') that is not resolvable from the published bundle and suggests the package was packaged for a specific local workspace rather than general distribution. The bundle also lacks the source files referenced by package.json (no src/ or dist/), making the recommended build steps impossible without pulling code from the external GitHub link.
- Credentials (concern): SKILL.md references MOLTBOOK_API_KEY, CIRCLE_API_KEY, and CIRCLE_ENTITY_SECRET for real wallet operations. These are sensitive credentials and are only optional in the docs, but the skill requires them to perform real Circle wallet actions. The registry metadata declares no required env vars, so the runtime instructions expect users to supply secrets outside the declared manifest. Requesting Circle credentials is plausible for creating wallets, but the combination of absent implementation and external installs increases risk if you provide production keys.
- Persistence & Privilege (ok): The skill does not request 'always: true' or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform normal). There is no evidence the skill attempts to modify other skills or system configuration in the provided materials.
