Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Send Token

v0.1.2

Transfer tokens on Solana or Base. Use when the user wants to send, transfer, or pay tokens. Supports native coins (SOL, ETH) and tokens (USDC) by name, plus...

0 · 317 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (send tokens on Solana/Base) aligns with the actions described in SKILL.md. However, the instructions require running 'npx @openant-ai/cli@latest', yet the skill metadata lists no required binaries or install steps. At minimum this implies the environment must have node/npm (or otherwise be able to run npx), which is not declared.
Instruction Scope
The SKILL.md stays focused on token transfers: it instructs checking status and balance, mapping natural-language requests to CLI arguments, and requires explicit user confirmation before sending. It does not instruct reading arbitrary files or exfiltrating unrelated data. The 'override RPC' option can point the CLI at an arbitrary RPC endpoint; that is expected functionality, but it widens the attack surface if misused, since a hostile endpoint can misreport balances and transaction status.
Install Mechanism
There is no install spec, but the instructions rely on 'npx @openant-ai/cli@latest'. npx fetches the package from the npm registry and executes it at run time, and the @latest tag resolves at that moment, so whatever version the registry then serves runs on the agent's machine, including a version published after this scan. Using npx is common, but it is a runtime code fetch that should be acknowledged and vetted: verify package ownership, pin an exact version, and review the source.
Credentials
The skill declares no required env vars or config paths, but it implicitly depends on the OpenAnt CLI being authenticated to a wallet (mentions an 'authenticate-openant' skill). The SKILL.md does not state where keys/credentials are stored or accessed (local CLI config, OS keychain, hardware wallet, etc.). That omission is noteworthy because token transfers require access to signing credentials; the user should confirm how authentication is managed and protected.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide config. disable-model-invocation is false (normal). There is no evidence it requests elevated platform privileges.
What to consider before installing
This skill appears to do what it says (send tokens), but before installing or using it you should:
1) Confirm that you trust the @openant-ai/cli package on npm (review its npm and GitHub pages) and prefer a pinned exact version rather than @latest.
2) Be aware that running the provided commands causes npx to download and execute remote code at runtime; this can run arbitrary code on your machine.
3) Verify how your wallet credentials are stored and that you are comfortable that the CLI will only use keys to sign transactions (check the authenticate-openant flow).
4) When using the skill, always double-check recipient addresses, chain selection, and gas reserves; consider running CLI commands yourself (not via an agent) until you trust the tool and package.
5) If you do install or use it, prefer manual invocation or require explicit human confirmation for every send operation; do not grant this skill autonomous permission to execute transfers.

Like a lobster shell, security has layers — review code before you run it.

latest · vk97f5nes90pw8nwz8zh5cwpard827a40

