Skill v0.1.0
ClawScan security
The Trench · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:50 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (calling a public Solana program) is plausible, but the SKILL.md expects local IDL/TS files and an environment-backed Anchor wallet without declaring or including them — those mismatches are concerning.
- Guidance: This skill looks like a thin wrapper for calling a public devnet Solana program, but the package is incomplete: it references idl.json and TypeScript types that are not included and uses AnchorProvider.env() without declaring how a wallet/keypair will be provided. Before installing or using it: (1) Inspect the referenced homepage repository to confirm the IDL/types are public and unchanged, or provide those files yourself; (2) Do not paste private key material or seed phrases into the agent/chat — instead use a controlled wallet file or signer and confirm which env var/path the skill expects; (3) Ask the skill author to explicitly declare required environment variables and to bundle or fetch the IDL from a known URL (GitHub release) rather than relying on relative paths; (4) If the agent will be allowed to access your filesystem, be cautious: the SKILL.md's relative paths could cause it to read files outside the skill. These mismatches are not definitive evidence of malice, but they are enough reason to pause and require clarification or fixes before trusting the skill with keys or local files.
Review Dimensions
- Purpose & Capability (concern): The skill says it will use a public IDL and TypeScript types to call a Solana program on devnet, which is coherent. However, the bundle contains only SKILL.md and does not include the referenced idl.json or the_trench.ts. The SKILL.md also uses relative paths ({baseDir}/../idl.json) that point outside the skill package, implying the agent must access files not provided.
- Instruction Scope (concern): Instructions call AnchorProvider.env(), which implicitly requires a wallet/keypair or ANCHOR_WALLET-like environment config to sign transactions, but no env variables are declared or documented. The instructions reference reading local files by relative path, which could require the agent to load files outside the skill; the SKILL.md gives the agent no explicit, safe method for obtaining the IDL/TS files (no fetch/install steps).
- Install Mechanism (ok): There is no install spec and no code files included, so nothing is written to disk by the skill itself. That reduces installation risk, but it increases reliance on external files or user-supplied secrets.
- Credentials (concern): The skill declares no required environment variables, yet the example uses AnchorProvider.env(), which typically relies on a wallet file or env var (e.g., ANCHOR_WALLET or a keypair path). This is a mismatch: the skill may require private signing keys at runtime but doesn't declare them, which could lead to ad-hoc requests for sensitive secrets or local file reads.
- Persistence & Privilege (ok): The skill does not request elevated persistence (always is false) and is user-invocable. There is no evidence it attempts to modify other skills or system-wide settings.
