Skill v1.0.1
ClawScan security
Gator CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 19, 2026, 9:37 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill does what it says (operate the gator CLI) but the runtime instructions reveal access to sensitive local config/private keys and an npm install that aren't fully declared in the metadata — this mismatch and sensitivity warrant caution before installing.
- Guidance
- This skill is functionally coherent with the gator CLI, but it will generate and store private keys and write configuration and delegation files under ~/.gator-cli and may perform on-chain transactions using your RPC endpoint. Before installing: 1) Verify the npm package @metamask/gator-cli (publisher, package page, and checksum/signature) and prefer installing in a sandbox or container. 2) Expect the tool to create/modify files in your home directory (~/.gator-cli); back up any important data first. 3) Treat rpcUrl and delegationStorage apiKey as sensitive: use a dedicated RPC endpoint or account and do not expose high-privilege keys. 4) If you need stronger protection for private keys, use a hardware wallet or avoid letting the CLI generate/store keys on your host. 5) If you want greater assurance, inspect the package source before running, or run commands with --profile pointing to a dedicated test profile. The metadata omission of the config paths is why I rate this suspicious rather than benign.
Review Dimensions
- Purpose & Capability
- ok: Name/description, declared binary ('gator'), and the npm package @metamask/gator-cli are consistent with the stated purpose of operating the Gator CLI for delegation and account workflows.
- Instruction Scope
- concern: SKILL.md instructs the agent to run gator commands that generate and use private keys, read and write profile configs, and perform on-chain actions (requires rpcUrl and optional delegationStorage apiKey). It references config/cache paths under ~/.gator-cli. Those behaviors are expected for a CLI of this type, but they involve highly sensitive local data (private keys, delegation records) and on-chain operations, which the skill metadata did not explicitly enumerate as config paths or sensitive requirements.
- Install Mechanism
- note: Install uses npm global install of @metamask/gator-cli, which is a typical distribution mechanism. This is a moderate-risk install (third-party package execution). Verify the package publisher/name/version before installing and prefer installing in an isolated environment if unsure.
- Credentials
- concern: The skill declares no required env vars or config paths, but SKILL.md expects/creates profile configs (~/.gator-cli/...) containing rpcUrl and optionally delegationStorage apiKey and private keys. The metadata omission is a mismatch: the CLI will touch and create sensitive local files and secrets that were not declared in requires.env / requires.config. That lack of explicit declaration reduces transparency and is a risk for users who assume no credentials or local files are accessed.
- Persistence & Privilege
- note: always:false and no cross-skill config changes are requested. However, runtime use will write files to the user's home (~/.gator-cli), including generated private keys and delegation caches. This is expected for the tool but is a persistent local footprint the user should accept explicitly.
