Skill v0.58.1

ClawScan security

Bankofbots · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 15, 2026, 5:24 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated purpose (on‑chain proof submission, wallet binding, treasury flows and lending); nothing requested appears unrelated or unexplained, though the agent will be instructed to manage local wallets and sign/submit on‑chain transactions so operational caution is warranted.
Guidance
This skill appears internally consistent for a BOB wallet/treasury/trust integration, but it performs sensitive financial actions and interacts with local wallet material and a local OpenClaw gateway. Before installing:
1) Only provide a BOB_API_KEY with least privilege (if BOB supports scoped keys) and a dedicated agent_id for testing.
2) Verify and download the 'bob' CLI from the official GitHub Releases and check the SHA256 sums as instructed.
3) Do not enable autonomous spending for production agents until operator policies (review/approval thresholds) are configured and tested.
4) Understand that commands like wallet sweep, prepare/sign/submit and treasury transfer will access local wallet keys and can move funds; keep private keys and node endpoints protected.
5) Test end-to-end on a staging agent with small funds first and audit webhook / API activity and operator logs.
If you are not comfortable with an agent having the ability to sign/submit transactions, do not provide production API keys or enable spending/custody tiers.

Review Dimensions

Purpose & Capability
ok
Name/description claim a trust layer for on-chain proofs, scoring and credit/treasury flows. The declared requirements (BOB_API_KEY, BOB_AGENT_ID, optional BOB_API_URL) and the CLI commands in SKILL.md directly support that purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note
SKILL.md instructs the agent to run the 'bob' CLI for init, wallet binding, Safe deployment, signing, submitting transactions, submitting proofs, spend sync (pulling from a local OpenClaw gateway) and loan requests. Those actions are consistent with a wallet/treasury/trust skill, but they involve access to local wallet keys, signing operations, and reading a local gateway endpoint; these are sensitive (financial data and local RPC data) even though they are intended by the skill's stated purpose.
Install Mechanism
ok
This is instruction/content-only (no install spec). The README advises obtaining the bob CLI from GitHub Releases with SHA256 verification. That is a reasonable, low-risk recommendation if the user actually verifies checksums and uses the official release URL.
Credentials
ok
Only two required env vars (BOB_API_KEY, BOB_AGENT_ID) plus an optional API URL are declared. Those map directly to authenticating the agent with the BOB service. No broad or unrelated secrets are requested.
Persistence & Privilege
note
always:false (no forced inclusion). The skill can be invoked autonomously by default, which is normal for skills; but because the skill's commands can prepare/sign/submit on-chain transactions and perform treasury operations, enabling autonomous invocation for a spending-enabled agent increases risk. Treat autonomous spending permissions and API key scope carefully.