Skillv0.1.2

ClawScan security

Create Task · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 3, 2026, 9:54 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions, required tools, and behavior are coherent with its stated purpose (creating and funding OpenAnt tasks via the @openant-ai CLI), but a few runtime authentication and signing details are not declared and deserve attention.
Guidance: This skill appears to do what it says: it runs the @openant-ai CLI (via npx) to create and optionally fund on-chain bounties. Before using it, confirm the following: (1) Understand how the CLI authenticates and signs transactions in your environment — the SKILL.md mentions 'Turnkey' signing and wallet operations but does not declare where keys/credentials come from. (2) Funding a task will create and sign real on-chain transactions that can spend crypto — always verify the wallet balance and explicitly confirm any funding action. (3) npx will fetch the package from npm at runtime; if you require higher supply-chain assurance, pre-install a vetted version of @openant-ai/cli or inspect the npm package before use. (4) Review related helper skills (authenticate-openant, check-wallet) to see how authentication is handled. If you need a stricter security posture, require the CLI to be pre-installed, audit the npm package, and verify the signing provider before granting the agent permission to run funding commands.

Review Dimensions

Purpose & Capability: okName and description match the SKILL.md: all commands and examples are about creating/funding OpenAnt tasks via the @openant-ai CLI. There are no unrelated binaries, environment variables, or config paths declared that don't fit the purpose.
Instruction Scope: noteSKILL.md limits actions to using the npx @openant-ai/cli for status, wallet, task creation/funding, and AI parsing. It instructs the agent to check auth and wallet balance and to confirm with the user before any on-chain funding. It does not direct the agent to read unrelated files or exfiltrate data. Note: it references external signing ('signs via Turnkey') and other helper skills (authenticate-openant, check-wallet) which are out-of-band; how those operate is not specified here.
Install Mechanism: okInstruction-only skill; no install spec or code files. Runtime relies on 'npx @openant-ai/cli@latest', which will fetch the CLI from npm at execution time. No arbitrary downloads or archive extraction are present in the skill itself.
Credentials: noteThe skill declares no required environment variables or credentials, which is reasonable for an instruction-only CLI wrapper. However, in practice creating/funding tasks requires wallet access and transaction signing (the SKILL.md mentions Turnkey signing). Those credentials/keys and how they are provided (local wallet, hardware wallet, Turnkey account) are not described or declared here — a minor mismatch that users should understand before running funding commands.
Persistence & Privilege: okThe skill is not always-included and does not request elevated/platform-wide persistence. It does not attempt to modify other skills or system-wide agent settings. Model invocation is enabled (normal for skills).