ClawHub
Back to skill
v1.0.2

wachaimandates

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

The skill is on-purpose for WachAI mandates, but it asks the agent to install an unreviewed global CLI that manages private signing keys and can sign durable agreements for payments, swaps, or services.

GuidanceInstall only if you are comfortable trusting the WachAI CLI with a dedicated signing wallet. Do not use a wallet that holds valuable assets, review every mandate before signing, and avoid leaving the XMTP receiver running against important storage unless you intend to process incoming mandates.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
SKILL.md
real actions (payments, swaps, deliveries, services) ... `wachai sign <mandate-id>` ... signs it as **client**, saves it back

Signing is described as acceptance of a durable agreement tied to potentially high-impact real-world actions, but the workflow does not require an explicit approval gate before signing.

User impactIf invoked carelessly, the agent could accept or send a verifiable agreement that the user did not intend to approve.
RecommendationBefore any create, sign, or send-accept command, require the user to review the full mandate JSON, counterparty, amounts, deadlines, and intended effect.
Agentic Supply Chain Vulnerabilities
SeverityMediumConfidenceHighStatusConcern
SKILL.md
npm install -g @quillai-network/wachai

The skill directs installation of an unpinned global npm CLI, and the provided artifact set contains no code for that CLI even though it will handle wallet keys and signatures.

User impactA changed or compromised npm package could run code in the user's environment and interact with mandate wallet material.
RecommendationPin and verify the package version, install from a trusted source, review the CLI package before use, and consider running it in an isolated environment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
SKILL.md
Instead of setting `WACHAI_PRIVATE_KEY` in every terminal, create a shared `wallet.json` ... wallet file: `~/.wachai/wallet.json` ... `WACHAI_PRIVATE_KEY` still works

The skill expects a signing wallet/private key, while the metadata declares no primary credential. That gives the CLI signing identity authority and could be risky if a real EVM key is reused.

User impactThe agent or CLI may be able to sign as a wallet identity, and mishandled keys could affect more than just this skill.
RecommendationUse a dedicated low-risk wallet for mandates, do not reuse wallets that hold funds, protect the wallet file, and require explicit user approval before any signing action.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
`wachai xmtp receive --env production` ... listens for incoming XMTP messages ... saves the embedded mandate to local storage

Receiving and storing mandates over XMTP is purpose-aligned, but it means external agent messages can create local mandate records that should not be blindly trusted.

User impactUntrusted incoming mandates may appear in local storage and could later be signed if not carefully reviewed.
RecommendationTreat received mandates as untrusted until verified; inspect the full JSON and counterparty identity before signing or sending them onward.