Skill v0.3.0
ClawScan security
PayGents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 20, 2026, 10:20 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, scripts, and runtime instructions are coherent with its stated purpose (generate deeplinks, verify on-chain, produce receipts) and do not request unrelated credentials or installs, though there are a few privacy and persistence details users should be aware of.
- Guidance: This skill appears to do what it says: build mobile wallet deeplinks, query public RPCs to verify transactions, and produce receipts, and it does not request private keys or API keys. Before installing or enabling it:
  1. Be aware public RPC endpoints (default fallbacks) will see wallet addresses and tx hashes; set RPC_<chainId> env vars or a local config.json to point to a private node if you want more privacy.
  2. The skill can write receipts to disk (if you use --out) and the instructions recommend persisting a wallet preference; decide whether you want that stored in agent memory or cleared between sessions.
  3. The rpc-config code looks for config.json in the skill root and the current working directory; ensure you review any config.json it might pick up to avoid unintended data exposure.
  4. Test on a testnet (Sepolia / Base Sepolia) before using mainnet, and verify the skill's origin (the manifest's source is unknown; README references a GitHub repo).
  5. No API keys are required, and you should never type or paste private keys into prompts; the workflow intentionally relies on the user's wallet app to approve transactions.
  If you need stronger privacy, point RPC_* to a node you control and avoid enabling long-term persistence of wallet preferences or receipts.
Review Dimensions
- Purpose & Capability (ok)
  - The name/description (generate MetaMask/Trust deeplinks, verify txs, check balances, issue receipts) matches the included scripts and library. Declared requirements (node, bash) are appropriate for the shipped JS/Bash scripts. There are no extraneous credentials or unrelated binaries requested.
- Instruction Scope (note)
  - SKILL.md and the scripts focus on link generation, RPC calls, scanning blocks/logs, and receipt generation, all within the described scope. The instructions ask the agent to "ask once, remember forever" for wallet preference and to persist session memory; the codebase does not implement agent memory handling but does provide file-based receipt saving. The skill will query public RPC endpoints by default (exposing queried addresses/tx hashes to those RPC operators), which the README/SKILL.md does note. The instruction to "remember forever" is a privacy/persistence choice and should be considered when enabling the skill.
- Install Mechanism (ok)
  - No install spec or remote downloads are used; this is an instruction-only skill with local scripts included. Nothing in the manifest installs external binaries or fetches code at runtime. Risk from install mechanism is low.
- Credentials (note)
  - The skill declares no required env vars or credentials (consistent with 'no API keys'). The code supports optional RPC overrides via environment variables named RPC_<chainId> and reading a local config.json; these are reasonable for RPC customization but are not listed in requires.env. Public RPC fallbacks are hardcoded and will see addresses/tx hashes used. The scripts may also read a config.json from the skill root or current working directory; review that file before running to avoid unintended config leakage. No other secrets or unrelated credentials are requested.
- Persistence & Privilege (note)
  - always:false. The skill suggests persisting a user's wallet preference ('remember forever') in agent memory; the provided code does not implement the agent memory storage but does implement writing receipts to disk if requested. Persisted preferences or saved receipts are normal for this functionality but are a privacy consideration: they can contain wallet addresses, tx hashes, memos, and merchant names. The skill does not modify other skills or global agent settings.
