Erc8004 Reputation
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s reputation features are coherent, but its write operations use wallet secrets and can make public on-chain changes without those credentials or approval boundaries being clearly declared in metadata.
Read-only reputation lookups appear aligned with the skill’s purpose. Before enabling write operations, use a separate low-balance wallet, do not provide a main mnemonic, verify the contract/source, pin dependencies where possible, and require explicit approval before any give or revoke transaction.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent environment contains this wallet secret, write commands could use it to sign blockchain transactions, spend gas, and create public reputation changes.
The skill asks for a wallet mnemonic or private key for write operations, but the registry metadata lists no primary credential or env var declarations. Wallet secrets are high-impact authority because they can sign transactions and may control funds beyond this skill.
export ERC8004_MNEMONIC="your twelve word mnemonic phrase here"
...
export ERC8004_PRIVATE_KEY="0xabc123..."
Declare these as sensitive optional credentials, prefer a dedicated low-balance wallet, avoid using a main seed phrase, and require explicit user approval before any transaction-signing command.
A mistaken or over-eager invocation could publish feedback or revoke feedback on-chain, potentially costing gas and leaving a public record.
These commands are purpose-aligned, but they are high-impact on-chain write operations. The artifacts do not show a clear confirmation or approval gate for give/revoke before the agent runs them with an available wallet.
python scripts/reputation.py give <agentId> <value>
...
python scripts/reputation.py revoke <agentId> <feedbackIndex> [--chain CHAIN]
Add instructions and code-level safeguards that require a final user confirmation showing chain, agent ID, value, tags, gas estimate, and wallet address before sending any write transaction.
Installing unpinned packages or code from an unverified source can change what code runs over time.
The install steps are user-directed and consistent with a Web3 CLI, but the dependencies are unpinned and the registry metadata lists the source as unknown with no homepage, so users have limited provenance guarantees.
git clone https://github.com/aetherstacey/erc8004-reputation-skill.git
...
pip install web3 eth-account
Use pinned dependency versions, verify the repository/source, and review the script before using it with wallet credentials.
