Skill v1.0.0

ClawScan security

usd1 transfer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:08 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (transferring USD1 via Wormhole), but there are implementation and supply-chain details you should review before use (private key handling, dependency audit, and address-format correctness).
Guidance
This skill appears to do what it says (transfer USD1 via Wormhole), but exercise caution before installing or running it with real funds:
- Private key handling: the skill requires a raw privateKey input. Avoid pasting production private keys. Prefer a signing service, ephemeral/test keys, or hardware wallet integration rather than exposing raw keys to skills.
- Test first: run only on testnet and with very small amounts until you have verified its behavior. SKILL.md says Testnet by default, but confirm that the runtime actually uses testnet endpoints in your environment.
- Address format: double-check the recipient address encoding for the chosen chain. The code constructs a UniversalAddress with 'hex', which may be incorrect for chains such as Solana, whose addresses are base58-encoded. Sending to a malformed address can irreversibly lose funds.
- Dependency/supply-chain risk: the package-lock lists many npm dependencies, some with deprecation or security notes. Audit or vendor the dependencies and run dependency scanners before installing in sensitive environments.
- Operational controls: restrict this skill to user-invoked use only (do not let it run autonomously), and review logs/outputs for unexpected network calls. If possible, require an explicit approval step before sending transactions.
If you want, I can: (a) list the dependency warnings found in package-lock, (b) check the code for specific address-format fixes, or (c) suggest a safer design that uses an external signer instead of raw private keys.
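The address-format and test-first points above are the ones most likely to lose funds silently, so here is what a caller-side pre-flight check looks like. This is an added example written for this review, not the skill's index.js and not the Wormhole SDK: it converts an EVM hex address or a Solana base58 address into the 32-byte universal form, refusing the wrong encoding rather than sending to a garbage address (the SDK equivalent is passing the encoding that matches the chain instead of a fixed 'hex'); it converts the decimal amount to integer base units with BigInt rather than floating point; and it refuses to run outside Testnet or above a small cap. The chain names, the token decimals, the "Testnet" label and both recipient addresses are assumptions for the example.

```javascript
// Added example, not the skill's index.js or the Wormhole SDK: pre-flight
// validation of the inputs the skill takes (recipient, amount, network) so that
// a wrong address encoding or a float rounding error never reaches the signer.
// Chain names, token decimals and the "Testnet" label are assumptions.

const BASE58_ALPHABET =
  "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Decode a base58 string (Bitcoin/Solana alphabet, no checksum) to bytes.
function base58Decode(str) {
  if (str.length === 0) throw new Error("empty base58 string");
  let num = 0n;
  for (const ch of str) {
    const idx = BASE58_ALPHABET.indexOf(ch);
    if (idx === -1) throw new Error(`invalid base58 character '${ch}'`);
    num = num * 58n + BigInt(idx);
  }
  // Every leading '1' encodes one leading zero byte.
  let zeros = 0;
  while (zeros < str.length && str[zeros] === "1") zeros++;
  const body = [];
  while (num > 0n) {
    body.unshift(Number(num & 0xffn));
    num >>= 8n;
  }
  return Uint8Array.from([...new Array(zeros).fill(0), ...body]);
}

// Decode a hex string, with or without a 0x prefix, to bytes.
function hexDecode(str) {
  const hex = str.startsWith("0x") ? str.slice(2) : str;
  if (hex.length === 0 || hex.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error("invalid hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Return the 32-byte universal address for `recipient` on `chain`, or throw.
// EVM chains: 20-byte hex, left-padded with 12 zero bytes.
// Solana: base58-encoded 32-byte public key; a hex string is rejected here.
function toUniversalAddress(chain, recipient) {
  switch (chain) {
    case "Ethereum":
    case "Base":
    case "Bsc": {
      const raw = hexDecode(recipient);
      if (raw.length !== 20) {
        throw new Error(`${chain} address must be 20 bytes, got ${raw.length}`);
      }
      const out = new Uint8Array(32);
      out.set(raw, 12);
      return out;
    }
    case "Solana": {
      const raw = base58Decode(recipient);
      if (raw.length !== 32) {
        throw new Error(`Solana address must decode to 32 bytes, got ${raw.length}`);
      }
      return raw;
    }
    default:
      throw new Error(`unsupported chain '${chain}'`);
  }
}

// Convert a decimal amount string to integer base units without floats.
function toBaseUnits(amount, decimals) {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(amount);
  if (!m) throw new Error(`invalid amount '${amount}'`);
  const [, whole, frac = ""] = m;
  if (frac.length > decimals) {
    throw new Error(`amount has more than ${decimals} decimal places`);
  }
  return BigInt(whole) * 10n ** BigInt(decimals) + BigInt(frac.padEnd(decimals, "0") || "0");
}

// Gate the transfer: Testnet only, amount under a small cap, recipient valid.
function preflight({ network, chain, recipient, amount, decimals, maxAmount = "1" }) {
  if (network !== "Testnet") throw new Error("refusing to transfer outside Testnet");
  const units = toBaseUnits(amount, decimals);
  if (units > toBaseUnits(maxAmount, decimals)) {
    throw new Error(`amount ${amount} exceeds test cap ${maxAmount}`);
  }
  return { recipient: toUniversalAddress(chain, recipient), units };
}

// Constructed inputs: a 20-byte placeholder EVM address and Solana's
// well-known all-zero system program id (32 zero bytes in base58).
const EVM_RECIPIENT = "0x1111111111111111111111111111111111111111";
const SOLANA_RECIPIENT = "11111111111111111111111111111111";
```

Running `preflight({ network: "Testnet", chain: "Ethereum", recipient: EVM_RECIPIENT, amount: "0.5", decimals: 6 })` returns the padded 32-byte recipient and `500000n`; feeding the Solana address through the EVM path, or the EVM address through the Solana path, throws instead of producing a plausible-looking but wrong address, which is exactly the failure the guidance warns about.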

Review Dimensions

Purpose & Capability
ok
The skill name/SKILL.md describe a USD1 (Wormhole/USDC) transfer and the index.js implements a transfer using the Wormhole SDK. The required inputs (private key, amount, recipient) are consistent with a wallet transfer. Minor implementation issues (address format and numeric conversion) are present but do not indicate misalignment with the stated purpose.
Instruction Scope
note
SKILL.md confines behavior to performing a transfer and asks for the sender private key as a secure input. The runtime code only uses the provided inputs and the Wormhole SDK; it does not read other files or unrelated environment variables. Note: the instructions require direct private key input (raw key material), which expands the attack surface if mishandled.
Install Mechanism
note
No install spec is provided (instruction-only), but a package.json and package-lock exist listing @wormhole-foundation/* and many third-party npm deps. There is no direct download-from-URL risk, but a dependency-heavy npm tree increases supply-chain risk and includes packages with deprecation/security notes (see guidance).
Credentials
ok
No environment variables or external credentials are requested beyond the sender private key (provided as a secure input), which is proportionate for a wallet transfer. The skill does not demand unrelated secrets or system credentials.
Persistence & Privilege
ok
The skill does not request always:true, does not declare system-wide config changes, and appears not to persist or escalate privileges. Agent autonomous invocation remains enabled by default (platform behavior) but is not requested by the skill itself.