SUIROLL
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
SUIROLL mostly matches what it claims to be, a Sui lottery tool, but it handles wallet and API credentials and makes fairness and authentication claims that the provided code does not fully support.
Review carefully before installing. Use only a dedicated low-value/testnet Sui key, assume Moltbook credentials may be stored under ~/.config/suiroll, and do not rely on the advertised provable-fairness or anti-Sybil guarantees unless the developer adds real verification and clearer credential handling.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may believe the lottery result has been independently and cryptographically verified, when the provided CLI only inspects chain data.
The command is presented as VRF proof verification, but the provided code fetches and displays on-chain object fields and status checks; it does not show cryptographic verification of a VRF proof or winner-selection proof.
.description('Verify lottery results and VRF proof') ... const lottery = await client.getObject({ id: options.lotteryId, options: { showContent: true, showType: true } }); ... checks.push('✅ Lottery object exists on-chain');
Clearly disclose what is and is not verified, or implement actual proof/commitment/randomness verification in the CLI before advertising provable fairness.
A stale or edited local session file could cause the CLI to submit the wrong agent ID and weakens the advertised anti-Sybil protection.
A saved local session becomes authoritative for the agent identity used in the lottery entry, without re-verifying the Moltbook token when the session is loaded.
if (session) { console.log('✓ Found saved Moltbook session'); console.log(` Agent: ${session.agent.name}\n`); return session; } ... agentId = agentInfo.agent.id;
Re-verify saved sessions with Moltbook before each entry, bind entries to a verifiable token/signature, and fail closed if the session cannot be validated.
Anyone, or any local process, that can read the session file may obtain the Moltbook API key and impersonate or misuse the agent account within Moltbook's API scope.
The CLI persists the Moltbook API key and agent profile in a plaintext JSON file under the user's home config directory.
const sessionPath = path.join(sessionDir, 'moltbook-session.json'); ... fs.writeFileSync(sessionPath, JSON.stringify({ apiKey, agent }, null, 2));
Avoid storing API keys by default, use the OS credential store or strict file permissions, document the storage clearly, and provide a logout/delete-session command.
If a valuable wallet key is configured, agent-invoked commands could spend gas or move prize funds through irreversible on-chain transactions.
The skill reads a Sui private key from the environment and uses it to sign and submit blockchain transactions. This is purpose-aligned, but high-impact and not reflected in the registry credential declarations.
const privateKey = process.env.SUI_PRIVATE_KEY; ... const signed = await keypair.signTransaction(bytes); return await client.executeTransactionBlock({ transactionBlock: signed.bytes, signature: signed.signature, ... });
Use a dedicated low-value/testnet wallet, require explicit user confirmation for signing actions, and declare the private-key requirement in metadata.
Users may run local package installation/linking steps without the normal registry install visibility.
The documentation instructs users to install and globally link an npm CLI even though the registry says there is no install spec. That is expected for a CLI, but it should be reviewed because the package handles credentials.
cd ~/.openclaw/skills/suiroll
npm install
npm link
Inspect package.json and package-lock.json before installing, pin/review dependencies, and add an explicit install spec or clearer provenance information.
