SUIROLL

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: suiroll
Version: 1.0.0

The skill is classified as suspicious because of several discrepancies with OpenClaw's permission model, rather than any clear malicious intent. Specifically, `package.json` declares network permissions only for `api.sui.io` and `*.sui.io`, but the code in `src/utils/moltbook.ts` makes HTTP requests to `https://www.moltbook.com/api/v1`. Additionally, the skill saves Moltbook session data to `~/.config/suiroll/moltbook-session.json` (defined in `src/config.ts` and used in `src/commands/enter.ts`), which lies outside the filesystem permission scope of `~/.openclaw/suiroll/` declared in `package.json`. If OpenClaw enforces the declared permissions strictly, these discrepancies amount to undeclared network and filesystem access, which is the vulnerability. There is no evidence of intentional data exfiltration, persistence, or prompt injection with malicious objectives.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users may believe the lottery result has been independently and cryptographically verified when the provided CLI only appears to inspect chain data.

Why it was flagged

The command is presented as VRF proof verification, but the provided code fetches and displays on-chain object fields and status checks; it does not show cryptographic verification of a VRF proof or winner-selection proof.

Skill content

```typescript
.description('Verify lottery results and VRF proof')
...
const lottery = await client.getObject({
  id: options.lotteryId,
  options: { showContent: true, showType: true },
});
...
checks.push('✅ Lottery object exists on-chain');
```

Recommendation

Clearly disclose what is and is not verified, or implement actual proof/commitment/randomness verification in the CLI before advertising provable fairness.

What this means

A stale or edited local session file could cause the CLI to submit the wrong agent ID, which weakens the advertised anti-Sybil protection.

Why it was flagged

A saved local session becomes authoritative for the agent identity used in the lottery entry, without re-verifying the Moltbook token when the session is loaded.

Skill content

```typescript
if (session) {
  console.log('✓ Found saved Moltbook session');
  console.log(`  Agent: ${session.agent.name}\n`);
  return session;
}
...
agentId = agentInfo.agent.id;
```

Recommendation

Re-verify saved sessions with Moltbook before each entry, bind entries to a verifiable token/signature, and fail closed if the session cannot be validated.

What this means

Anyone or any local process that can read that file may obtain the Moltbook API key and impersonate or misuse the agent account within Moltbook's API scope.

Why it was flagged

The CLI persists the Moltbook API key and agent profile in a plaintext JSON file under the user's home config directory.

Skill content

```typescript
const sessionPath = path.join(sessionDir, 'moltbook-session.json');
...
fs.writeFileSync(sessionPath, JSON.stringify({ apiKey, agent }, null, 2));
```

Recommendation

Avoid storing API keys by default, use the OS credential store or strict file permissions, document the storage clearly, and provide a logout/delete-session command.

What this means

If a valuable wallet key is configured, agent-invoked commands could spend gas or move prize funds through irreversible on-chain transactions.

Why it was flagged

The skill reads a Sui private key from the environment and uses it to sign and submit blockchain transactions. This is purpose-aligned, but high-impact and not reflected in the registry credential declarations.

Skill content

```typescript
const privateKey = process.env.SUI_PRIVATE_KEY;
...
const signed = await keypair.signTransaction(bytes);
return await client.executeTransactionBlock({
  transactionBlock: signed.bytes,
  signature: signed.signature,
  ...
});
```

Recommendation

Use a dedicated low-value/testnet wallet, require explicit user confirmation for signing actions, and declare the private-key requirement in metadata.

What this means

Users may run local package installation/linking steps without the normal registry install visibility.

Why it was flagged

The documentation instructs users to install and globally link an npm CLI even though the registry says there is no install spec. That is expected for a CLI, but should be reviewed because the package handles credentials.

Skill content

```bash
cd ~/.openclaw/skills/suiroll
npm install
npm link
```

Recommendation

Inspect package.json and package-lock.json before installing, pin/review dependencies, and add an explicit install spec or clearer provenance information.