Skill v1.1.1

ClawScan security

Erc8004 Register · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:46 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill mostly does what it says (on‑chain registration), but the package metadata and instructions are inconsistent about required secrets and related files, so review before use.

Guidance
This skill appears to implement an ERC‑8004 registration CLI and will need and use a wallet mnemonic or private key (ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY) to sign transactions. However, the package metadata incorrectly lists no required env vars — treat that as a red flag.

Before installing or running:
- Do not expose your main/high‑value wallet mnemonic. Prefer a throwaway wallet with minimal funds for testing.
- Inspect the full scripts locally (you already have scripts/register.py) to confirm there are no hidden network endpoints or exfiltration logic. The included code fetches RPC endpoints and token/image URLs (expected), but verify the hard‑coded RPC URLs and contract address match official sources.
- Be aware the SKILL.md references other scripts (reputation.py, discover.py) that are not included; cross‑skill integration may be incomplete.
- If you must run it, run in an isolated environment (VM or container) and provide only a test wallet; avoid pasting your main mnemonic into shared shells.

Because of the metadata/instruction mismatch about secrets and missing referenced files, proceed only after confirming the exact code and providing a low‑privilege wallet for testing.

Review Dimensions

Purpose & Capability
concern: The code and SKILL.md implement an ERC-8004 on‑chain registration CLI that requires a wallet (mnemonic or private key) and web3 libraries — this is appropriate for the stated purpose. However, the skill registry metadata claims no required environment variables or primary credential, which is incorrect and inconsistent with the runtime instructions and code that explicitly read ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY. Also, SKILL.md/README reference companion scripts (reputation.py, discover.py) that are not included in the file manifest.
Instruction Scope
concern: The runtime instructions direct the agent to read wallet credentials from environment variables and to perform network calls (RPC endpoints, fetching tokenURI/image URLs). Those behaviors are necessary for on‑chain registration, but they access sensitive secrets (mnemonic/private key). The SKILL.md also mentions querying 'Agentscan' and other cross-skill workflows that reference files not present, which is an inconsistency. The instructions do not attempt to access unrelated system files, but they do assume and require wallet secrets that were not declared in the metadata.
Install Mechanism
ok: No install spec (instruction-only plus included Python script). Dependencies are standard Python packages (web3, eth-account) installed via pip per README. There are no downloads from arbitrary servers or archive extraction steps in the manifest.
Credentials
concern: The skill legitimately requires a wallet credential (mnemonic or private key) to sign transactions, which is proportional to on‑chain registration. The problem: the package metadata lists no required env vars or primary credential, but SKILL.md and the script clearly require ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY. This mismatch increases risk because users may not realize the skill will read sensitive secrets. No other unrelated credentials are requested.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent system privileges in the manifest. It is a normal user‑invocable CLI skill and does not modify other skills' configuration in the provided files.