Skill v1.0.0
ClawScan security
KarmaBank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:00 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions largely match its lending purpose, but the registry metadata omits the sensitive credentials and install expectations the skill actually requires, and there are a few packaging/installation oddities worth investigating before use.
- Guidance: This skill implements the advertised lending logic, but there are mismatches you should resolve before installing or supplying secrets. Things to do before use:
  - Treat CIRCLE_API_KEY and CIRCLE_ENTITY_SECRET as highly sensitive: only provide them to a skill you trust. Prefer using testnet/faucet keys and rotate them after testing.
  - Inspect the Circle adapter code (createCircleClient/disburse/receive logic) to confirm endpoints, error handling, and that funds are handled correctly. Do not provide production keys until you review it.
  - Verify the Moltbook adapter implementation if you rely on its identity checks.
  - Note the package.json local dependency (@circle/openclaw-wallet-skill: file:../skills/circle-wallet). Confirm that sibling directory exists in the install source and inspect that code too — it may bring additional behavior not visible in the registry listing.
  - Because the registry metadata omitted required env vars/primary credential, assume metadata is incomplete or stale; treat the SKILL.md and package.json as the true source of requirements.
  - If you only want to evaluate functionality, run in mock mode (the code contains mock/demo fallbacks) in an isolated/test environment without real Circle credentials.
  - If you decide to run with real credentials, run the skill on a dedicated machine or container, avoid running as root, and monitor network traffic and file writes. Rotate credentials after use.

  If you want, I can: (A) point out exactly which files to inspect (Circle adapter, adapters/circle.ts, services/credit.ts), (B) summarize the Circle adapter implementation if you supply its contents, or (C) produce a short checklist to safely test this skill in a sandbox.
Review Dimensions
- Purpose & Capability
  - concern: Name/description (USDC lending by Moltbook karma) align with source code (scoring, ledger, Circle adapter). However, the registry metadata lists no required environment variables or primary credential even though SKILL.md and the code clearly require Circle credentials (CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET) for real wallet operations and optionally a MOLTBOOK_API_KEY. package.json also depends on @circle/openclaw-wallet-skill via a local file reference (file:../skills/circle-wallet), which implies a sibling skill or additional files are expected — this is inconsistent with the registry's 'none' requirements.
- Instruction Scope
  - note: SKILL.md is explicit and scoped to the credit/lending workflow: it instructs admins to create a .env with Circle and optional Moltbook keys, to run npm install/build, and to run CLI commands. It does not ask the agent to read arbitrary host files or exfiltrate data. Still, the runtime instructions require the operator to provide sensitive API keys and run third-party code (npm install, npm link), so the agent will be performing network calls (Moltbook, Circle) and on-disk ledger operations — expected for this purpose but requiring care.
- Install Mechanism
  - concern: There is no registry install spec, yet the SKILL.md instructs manual installation (clawhub install or git clone) and running npm install/build/npm link. The package pulls npm dependencies including a Circle SDK and a local file dependency (@circle/openclaw-wallet-skill: file:../skills/circle-wallet). Installing will write and run third-party code on disk; the local-file dependency is unusual in a registry package and may fail or pull in sibling skill code, which is an unexpected installation detail.
- Credentials
  - concern: The skill needs sensitive credentials (CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET) for pool funding and management and optionally MOLTBOOK_API_KEY for verification. Those environment variables are explained in SKILL.md and used by code, but the registry metadata declares none and primaryEnv is unset — an inconsistency that could mislead users into installing without realizing they must supply secrets. The requested secrets are proportional to the admin role, but the omission from metadata is problematic.
- Persistence & Privilege
  - note: The skill does not request always:true and does not appear to modify other skills or system-wide settings. It will, however, store ledger files (credit ledger path) and may persist loan/agent state to disk when run. The package.json local-file dependency could create implicit ties to another skill directory, which is worth checking but is not an outright privilege escalation.
