Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgnicPay x402 Wallet check balance

v1.0.0

Check USDC balance across networks (Base, Solana)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (check USDC balances on Base and Solana) aligns with the SKILL.md steps, which call an `agnic` CLI to query balances. Asking for a token or `auth login` is consistent with needing user auth to read balances.
Instruction Scope
The instructions tell the agent to run `npx agnic@latest ...`, which downloads and executes code from the npm registry at runtime. The SKILL.md does not instruct reading any unrelated files or environment variables, but arbitrary remote code can itself read local files or network resources; the skill gives the agent the ability to run that code and to supply an auth token (AGNIC_TOKEN or --token), which the downloaded package could exfiltrate.
Install Mechanism
There is no install spec, and the runtime relies on `npx agnic@latest` (a live pull of the latest package). Using `npx` to execute an unpinned latest package is higher risk because it executes code fetched from the network on each run; no provenance, home page, or checksum is provided.
Credentials
The skill declares no required env vars, but the instructions ask the user to supply `--token` or `AGNIC_TOKEN`. That is reasonable for an auth token, but the nature/scope of that token is unspecified (could be API token, wallet token, or sensitive key). Requiring an unspecified token without describing what it is or its minimum scope is a privacy/security concern.
Persistence & Privilege
The skill is not always-enabled and does not request persistent installation or system configuration changes. Model invocation is allowed (normal). There is no request to modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (query USDC balances) but it runs `npx agnic@latest` at runtime, which downloads and executes code from npm every time; that code could access local files or send any environment value (including any token you provide) off the machine. Before installing or using:

1) ask for the package's homepage/repository and a signed or pinned version (avoid `@latest`);
2) inspect the agnic CLI source or release artifacts yourself;
3) prefer a read-only API token with minimal scope (not a wallet private key);
4) if you must run it, do so in a restricted/sandboxed environment;
5) avoid setting long-lived secrets globally (use temporary tokens or per-session input).

If the publisher cannot provide provenance or a fixed release, treat this skill as higher risk.
