Structs Economy
ReviewAudited by ClawScan on May 14, 2026.
Overview
This instruction-only skill is consistent with managing Structs economy actions, but it can guide irreversible wallet transactions, so users should verify every command before signing.
Install only if you intend the agent to help prepare Structs economy transactions. Before signing anything, verify the wallet, recipient or validator address, amount and denomination, provider/allocation IDs, and whether the operation is irreversible or cascading.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or unauthorized command could permanently transfer tokens, lock stake, destroy Alpha Matter, or disrupt connected energy infrastructure.
The skill documents commands that can irreversibly spend or lock assets and mutate economic infrastructure. This is central to the skill's purpose and is warned about, but users should treat these as high-impact actions.
`struct-generator-infuse [struct-id] [amount] TX_FLAGS`. **IRREVERSIBLE** — Alpha cannot be recovered ... `player-send [from-address] [to-address] [amount] TX_FLAGS`.
Review exact addresses, amounts, validator IDs, and deletion targets before signing. Do not allow automatic transaction approval or broad TX_FLAGS such as auto-confirmation unless intentionally chosen.
If the agent uses the wrong wallet, account, or signing profile, it could perform irreversible actions under that account.
The skill's operation depends on wallet authority even though no credential contract is declared. This appears expected for Structs transactions, but it is sensitive delegated authority.
Capability signals: crypto; requires-wallet; requires-sensitive-credentials. Required env vars: none. Primary credential: none.
Use a scoped wallet/account, confirm the active signer before each transaction, and avoid sharing seed phrases or private keys with the agent.
Users may have less certainty that the reviewed package metadata exactly matches the registry listing.
The included _meta.json version differs from the registry version shown as 1.3.1. There is no runnable code or install step, so this is a provenance/packaging note rather than evidence of malicious behavior.
"version": "1.0.1"
Verify the publisher and current version before installing, especially because the skill can guide wallet transactions.