Skillv0.1.0

ClawScan security

Meganode Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 2, 2026, 7:49 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation and runtime instructions largely match its NodeReal MegaNode purpose, but there are minor inconsistencies (undeclared environment variables in examples) and a pre-scan prompt-injection signal (base64-block) in SKILL.md that merit manual review before installing or trusting this skill with secrets.
Guidance: This skill appears to be legitimate documentation and examples for NodeReal MegaNode APIs, but take these precautions before installing or using it: - Manually inspect the full SKILL.md (look for any unexpected encoded/base64 blocks or hidden instructions); the scanner flagged a base64-block pattern that should be reviewed. - Do not provide your private key directly to the agent in chat. If you need to sign transactions, use a local wallet, hardware signer, or set ephemeral environment variables under your control. Prefer read-only queries for testing. - Treat the skill's request for NODEREAL_API_KEY as reasonable for operation, but only supply an API key you control; consider creating a limited-scope or ephemeral key for initial testing. - When the skill asks for confirmation before writes (transactions, MegaFuel policies, builder submissions), read payloads carefully. For bundle/private transactions, confirm recipients, values, and gas parameters every time. - If you plan to use Direct Route / builder APIs (mempool bypass / private transactions), be aware these examples reference signing and PRIVATE_KEY usage; prefer using an external signer and never paste long-lived private keys into chat. - If you want higher assurance, run the skill in a restricted environment or sandbox, monitor outbound network calls, and revoke any test API key after you finish evaluating. If you want, I can (1) fetch and show the full SKILL.md contents so you can inspect any base64 blocks together, or (2) extract all places where environment variables or secret-like values are referenced so you can decide which credentials to provide.
Findings: [base64-block] unexpected: The regex scanner flagged a base64-block pattern in SKILL.md content. The visible SKILL.md excerpts do not obviously include encoded payloads, but this finding could indicate an embedded encoded block (possibly documentation artifacts or examples). Because this is an instruction-only skill, any hidden/encoded instruction inside SKILL.md could be used for prompt injection. Manual inspection of the full SKILL.md is recommended to confirm the nature and purpose of the base64 content.

Review Dimensions

Purpose & Capability: okName/description match content: SKILL.md and reference files are comprehensive NodeReal MegaNode API docs and examples for RPC, Enhanced APIs, MegaFuel, Direct Route, debug/trace, Greenfield, etc. Nothing requested or instructed appears unrelated to providing NodeReal/MegaNode functionality.
Instruction Scope: noteSKILL.md contains detailed runtime instructions and examples for using NodeReal APIs and explicitly instructs agents to check for an API key and prefer testnets / read-only ops by default. It also includes examples that reference environment variables (NODEREAL_API_KEY, MEGANODE_RPC_URL, and a PRIVATE_KEY example for signing), and it instructs not to search user files for keys and to ask the user directly if the API key is missing. Overall scope is appropriate for the described purpose, but the file includes examples touching transaction signing/submission (eth_sendRawTransaction, eth_sendPrivateTransaction, eth_sendBundle) which are sensitive and rely on correct prompting and user confirmations; the instructions do include explicit 'confirm before write' safeguards.
Install Mechanism: okThis is instruction-only with no install spec and no bundled code — lowest-risk install footprint. Nothing is written to disk or downloaded by the skill itself.
Credentials: noteRegistry metadata declares no required env vars, but the SKILL.md repeatedly references NODEREAL_API_KEY and MEGANODE_RPC_URL and uses process.env.PRIVATE_KEY in code examples. That mismatch is not catastrophic (the skill can operate without forcing env vars), but it's an inconsistency and a reminder: the skill will expect an API key for useful operation and examples show private-key usage for sending private/bundled transactions — do not paste or expose private keys directly to the agent. The skill itself instructs to never accept private keys and to use env vars/wallet signers, which mitigates risk, but users must follow that guidance.
Persistence & Privilege: okNo 'always: true' privilege, no persistence or automatic enabling changes, and no install-time scripts. Autonomous invocation is allowed (platform default) but does not combine with other high-risk indicators here.