Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
问道 Agent SDK
v1.1.0
Automates BNB Chain NFA cultivation with an on-chain authorized Agent wallet for meditation, leveling, attribute allocation, PK, and breakthrough tasks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The code and docs implement an NFA Agent SDK (on-chain reads/writes, levelUp, distributeSP, PK, Merkle roots), which is consistent with the stated purpose. However, the metadata claims no required env vars or credentials, while the CLI and code clearly expect an agent private key (AGENT_PRIVATE_KEY or --key) and allow overriding contract addresses via environment variables. That mismatch should have been declared.
Instruction Scope
Runtime instructions and the packaged code require the agent private key to sign transactions and perform writeContract calls (levelUp, distributeSP, depositPK, updateLearningTree). The agent also authenticates with a backend (default https://wendaobsc.xyz) by signing an auth message and POSTing it to obtain a JWT; PK matching and recovery interact with that backend. The agent persists a local file (.wendao-tree-<tokenId>.json) containing Merkle leaves. These actions (network calls to a third party, signing, disk writes) are within the claimed feature set but expand trust to an external API and create local persistent state — both deserve explicit disclosure.
Install Mechanism
There is no install spec in the skill metadata (instruction-only), but the package contains full JS/TS source and a package.json with dependencies (viem, commander, etc.). Dependencies are appropriate for a blockchain SDK. No remote download URLs or extract steps are present in the metadata that would increase install risk.
Credentials
The agent requires a private key (a sensitive credential) at runtime, but the skill metadata declares no required env vars or primary credential. The CLI encourages using AGENT_PRIVATE_KEY (preferred) but also supports passing --key, which leaks the key into shell history and process listings. The default API (https://wendaobsc.xyz) will receive signed messages and return JWTs; while the private key is never sent, the server sees signatures and agent addresses. The README/SKILL.md contains inconsistent statements about token custody (at points claiming the agent wallet holds no $JW, elsewhere indicating PK consumes $JW from the agent wallet). That inconsistency could lead users to fund the agent unexpectedly and risk token loss.
Persistence & Privilege
The skill does not request elevated system privileges and 'always' is false. It persists agent action leaves to disk (.wendao-tree-<tokenId>.json) and uses in‑process state (JWT stored on the instance). This per‑agent persistence is reasonable for the feature (Merkle learning tree) but is a durable local artifact that may include timestamps, actions, and tx hashes — users should know where these files are written and with what permissions.
What to consider before installing
This package is functionally consistent with an on‑chain NFA agent, but review these points before installing:
- Secret handling: The agent needs the Agent private key (AGENT_PRIVATE_KEY or --key). Treat this as highly sensitive; prefer environment variable usage (AGENT_PRIVATE_KEY) over command‑line flags, and never use your main owner wallet private key. The skill metadata incorrectly lists no required env vars — assume the private key is required.
- External backend: By default the agent authenticates to and uses https://wendaobsc.xyz for JWT and PK matching. The backend receives signed messages (not your private key) but will be able to authenticate your agent and coordinate PK actions. Only use the default API if you trust that service; you can set --api "" or another URL to disable/replace it.
- Funding and risk: PK deposits and breakthroughs can require $JW (on‑chain token) and the agent will spend tokens from the agent wallet if present. Do not fund the agent wallet with large amounts — create a dedicated child wallet with only a small BNB balance for gas and, if you enable PK, only the minimal $JW you accept to risk. The README contains contradictory claims about whether the agent wallet holds $JW — assume PK can consume $JW from the agent wallet.
- Local files: The agent persists a Merkle leaf file named .wendao-tree-<tokenId>.json in the current working directory. These files contain action logs and should be protected (permissions/backups) or periodically inspected/cleaned if you are privacy‑conscious.
- Audit and provenance: The skill source lists no homepage and the registry metadata owner is opaque. If you plan to run this with real funds, consider auditing the package (especially the execPK and execPKRecover flows that interact with the backend), running in read-only mode first (the status command), or running on a throwaway agent wallet to observe behavior before giving it any tokens.
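The points above can be enforced mechanically before the CLI ever starts. The following wrapper is an added example, not code shipped with the skill or by its author: it refuses to run when the key arrives via --key, checks that AGENT_PRIVATE_KEY looks like a 32-byte secp256k1 key, warns when no --api override is given (so the default https://wendaobsc.xyz backend would be used), and refuses to run if an existing .wendao-tree-<tokenId>.json in the working directory is readable by other users. Only AGENT_PRIVATE_KEY, --key, --api, the status command and the tree file name come from the scan report; the CLI entrypoint path (WENDAO_CMD) is a placeholder you must set yourself.

```shell
#!/bin/sh
# Added example wrapper, not part of the 问道 Agent SDK skill.
# WENDAO_CMD is a hypothetical placeholder for the skill's CLI entrypoint.
WENDAO_CMD="${WENDAO_CMD:-./wendao-agent}"

# preflight <cli args...>: return 0 only when it is safe to start the agent.
preflight() {
    api_given=0
    for arg in "$@"; do
        case "$arg" in
            # Secret handling: a key on the command line ends up in shell
            # history and is visible to every local user via ps.
            --key|--key=*)
                echo "refusing: private key passed via --key; use AGENT_PRIVATE_KEY" >&2
                return 1 ;;
            --api|--api=*) api_given=1 ;;
        esac
    done

    # The key must come from the environment and look like a 32-byte
    # secp256k1 scalar: 0x followed by exactly 64 hex digits.
    key="${AGENT_PRIVATE_KEY:-}"
    case "$key" in
        0x*) ;;
        *)  echo "refusing: AGENT_PRIVATE_KEY missing or not 0x-prefixed" >&2
            return 1 ;;
    esac
    hex="${key#0x}"
    case "$hex" in
        *[!0-9a-fA-F]*)
            echo "refusing: AGENT_PRIVATE_KEY is not hex" >&2
            return 1 ;;
    esac
    if [ "${#hex}" -ne 64 ]; then
        echo "refusing: AGENT_PRIVATE_KEY is not 32 bytes" >&2
        return 1
    fi

    # External backend: make the implicit trust in the default API visible.
    if [ "$api_given" -eq 0 ]; then
        echo "warning: no --api given; the agent will authenticate to the default backend" >&2
    fi

    # Local files: an existing learning-tree file must be owner-only (0600).
    for f in .wendao-tree-*.json; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" ! -perm 600)" ]; then
            echo "refusing: $f is not mode 0600; fix with: chmod 600 $f" >&2
            return 1
        fi
    done
    return 0
}

# run_agent <cli args...>: run the CLI under a private umask so the tree file
# it creates is 0600 (assumes the skill does not widen the mode itself).
run_agent() {
    preflight "$@" || return 1
    ( umask 077; exec "$WENDAO_CMD" "$@" )
}
```

Source the file, export AGENT_PRIVATE_KEY for a dedicated child wallet, and start with `run_agent status` (read-only) before any write command; pass `--api ""` or your own URL explicitly if you do not want the default backend, which also silences the warning.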
If you want, I can point out the exact lines where the agent authenticates to the backend and where wallet writes occur, or help craft safe CLI/environment settings to minimize risk.
