Skill v1.0.0

ClawScan security

USD1 Transaction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:04 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are internally consistent for performing a USDC transfer on Wormhole testnet, but it asks the user to supply a raw private key (highly sensitive), has no provenance (no homepage/source/author), and includes many heavy dependencies (some flagged as deprecated) that increase attack surface — so proceed with caution.
Guidance
This skill appears to implement a testnet USDC transfer using the Wormhole SDK and will ask you to provide a wallet private key at runtime. Before installing or using it: (1) do NOT supply a real/production private key — use a throwaway testnet wallet only; (2) review the bundled code and dependencies yourself or have a maintainer you trust audit them (package-lock includes many transitive packages and some deprecation notes); (3) prefer designs that use delegated signing (e.g., signing service, hardware wallet, or ephemeral key signing) rather than handing raw private keys to a skill; (4) verify the skill author and source (there is no homepage or author metadata here). If you must test it, create a testnet wallet with minimal funds and monitor transactions closely.

Review Dimensions

Purpose & Capability
note: The SKILL.md and index.js align: both describe transferring USD1/USDC over Wormhole Testnet, and the code uses the @wormhole-foundation SDK to perform a token transfer. However, the registry metadata lacks a public description, homepage, or author, reducing provenance and making it harder to trust the publisher.
Instruction Scope
concern: The runtime instructions and code require the user's wallet privateKey as an input parameter (required). That is coherent for a transfer skill, but it means the agent runtime will receive a raw private key. SKILL.md cautions to use secure input and Testnet only, which is good, but the instructions give the agent direct access to a secret that controls funds — a significant risk if the agent environment or skill execution is compromised.
Install Mechanism
note: There is no install spec (instruction-only style), but the package.json/package-lock are bundled and list @wormhole-foundation SDK dependencies and many transitive packages. No external arbitrary download URLs are used. The large dependency tree increases surface area and includes components (in package-lock) with deprecation/security notes, which should be audited before running.
Credentials
concern: The skill does not request environment variables or platform credentials — instead it requires a privateKey passed at runtime. While necessary for signing a transaction, asking for a raw private key is high privilege: it grants full control of the wallet. The registry does not declare a primary credential or explain secure handling/storage of the key beyond the SKILL.md note. This is proportionate to the stated functionality but requires strong operational safeguards (use testnet only, ephemeral keys, or a signing service/hardware wallet).
Persistence & Privilege
ok: The skill does not request always:true and does not modify system or other skills' configuration. Model invocation is allowed (default), which is normal. There is no evidence it attempts to persist credentials or change agent configuration autonomously.