openmath-submit-theorem

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is mostly aligned with OpenMath proof submission, but it can proceed with broad or unbounded fee-grant authority that users should review carefully.

Install only if you are comfortable using Shentu CLI and on-chain OpenMath submissions. Verify the shentud binary, run the readiness check, confirm any authz and feegrant are tightly scoped with spend limits and expiration, and review every generated transaction command before broadcasting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad feegrant may let the configured agent key spend the user's fee allowance beyond the intended tightly scoped proof-submission flow, especially if there is no spend limit or expiration.

Why it was flagged

The readiness checker warns when the feegrant appears unrestricted, but still allows the submission flow to be considered ready.

Skill content

if not allowed_messages: ... "feegrant appears unrestricted" ... messages_ready = True

Recommendation

Before submitting, ensure the feegrant is limited to the needed message type, has a clear spend limit and expiration, and revoke or replace any broad feegrant after use.

What this means

Running the emitted commands can submit proof data on-chain and spend deposits or fees.

Why it was flagged

The skill generates Shentu transaction commands that can broadcast on-chain actions and auto-confirm if executed.

Skill content

"shentud tx authz exec " ... "--fee-granter" ... "--gas auto ... -y"

Recommendation

Review the theorem ID, proof path, prover address, fee granter, deposit, and RPC endpoint before allowing any generated transaction command to run.

What this means

Installing the wrong or tampered shentud binary could affect wallet/key operations and transaction signing.

Why it was flagged

The setup guide documents downloading and executing a Shentu binary manually; this is purpose-aligned but depends on the user trusting the downloaded binary.

Skill content

curl -L https://github.com/shentufoundation/shentu/releases/download/v2.17.0/shentud_2.17.0_arm64_macos -o shentud

Recommendation

Download shentud only from official releases and verify checksums or signatures when available before using it with local keys.