Skill v1.1.1

ClawScan security

Erc8004 Reputation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:46 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions generally match an on-chain reputation tool, but the package metadata omits the wallet environment variables the runtime actually requires, which is an important inconsistency users should understand before installing.
Guidance
This skill appears to implement an ERC-8004 reputation CLI and will connect to public RPCs and the specified contract addresses. Important points before installing:
- The code requires a wallet for write operations (ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY). Do NOT export your main/high-value mnemonic into environment variables for an untrusted skill. Use a dedicated, low-value wallet or a hardware/remote signer when possible.
- The registry metadata incorrectly lists no required env vars — treat the SKILL.md and code as authoritative for runtime behavior. That mismatch is a red flag worth asking the publisher to correct.
- The tool talks to external RPC endpoints and (per README/SKILL.md) an Agentscan API for leaderboards. RPC providers will see your transaction payloads (not your private key) and could censor or front-run transactions; prefer a provider you trust.
- Review the repository source (especially any remaining parts of scripts/reputation.py not shown) before running write commands. Read-only commands (lookup, my-rep, clients, feedback, leaderboard) do not require your wallet and are safe to run without credentials.
If you plan to use the 'give' or 'revoke' functions, verify the contract addresses on-chain independently, consider funding a disposable key, and ask the skill author to update metadata to declare required env vars so expectations are clear.

Review Dimensions

Purpose & Capability
note
Name, description, CLI commands, ABI, and use of web3 all match an ERC-8004 on-chain reputation tool. The script interacts with on-chain contracts and chain RPCs (Base, Ethereum, Polygon, Monad, BNB) as expected. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and code explicitly require a wallet (mnemonic or private key) for write operations — this mismatch is unexplained and notable.
Instruction Scope
ok
SKILL.md commands and examples are narrowly scoped to reading reputation data and signing transactions to give/revoke feedback. It documents which commands are read-only vs. write. The heartbeat examples use local files (/var/log, /tmp) and desktop notifications (notify-send), which are reasonable for monitoring but should be noted. The leaderboard claims to fetch from an Agentscan API (an external endpoint) — that is consistent with the feature but worth auditing if you care about external network calls.
Install Mechanism
ok
No automated install spec is provided; this is an instruction-only skill plus a script. Declared dependency installation is a simple pip install of web3 and eth-account — standard for Ethereum tooling. No arbitrary downloads or archive extraction are present in the package metadata.
Credentials
concern
Write operations require sensitive creds (ERC8004_MNEMONIC or ERC8004_PRIVATE_KEY) as documented in SKILL.md and implemented in code (get_wallet reads these env vars). That is proportional to signing blockchain transactions. The concern: the skill registry metadata incorrectly shows 'Required env vars: none' and 'Primary credential: none' — an inconsistency that could cause users to expose secrets unexpectedly. Only the wallet-related env vars are used; no other unrelated credentials are requested.
Persistence & Privilege
ok
The skill is not always-included and does not request elevated platform privileges. It does not modify other skills' configuration based on the provided files. Autonomous invocation is allowed (platform default); that is not in itself a new risk here.