openmath-submit-theorem

Stale. Audited by VirusTotal on Mar 27, 2026.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad feegrant may let the configured agent key spend the user's fee allowance beyond the intended tightly scoped proof-submission flow, especially if there is no spend limit or expiration.

Why it was flagged

The readiness checker warns when the feegrant appears unrestricted, but still allows the submission flow to be considered ready.

Skill content

if not allowed_messages: ... "feegrant appears unrestricted" ... messages_ready = True

Recommendation

Before submitting, ensure the feegrant is limited to the needed message type, has a clear spend limit and expiration, and revoke or replace any broad feegrant after use.

What this means

Running the emitted commands can submit proof data on-chain and spend deposits or fees.

Why it was flagged

The skill generates Shentu transaction commands that can broadcast on-chain actions and auto-confirm if executed.

Skill content

"shentud tx authz exec " ... "--fee-granter" ... "--gas auto ... -y"

Recommendation

Review the theorem ID, proof path, prover address, fee granter, deposit, and RPC endpoint before allowing any generated transaction command to run.

What this means

Installing the wrong or tampered shentud binary could affect wallet/key operations and transaction signing.

Why it was flagged

The setup guide documents downloading and executing a Shentu binary manually; this is purpose-aligned but depends on the user trusting the downloaded binary.

Skill content

curl -L https://github.com/shentufoundation/shentu/releases/download/v2.17.0/shentud_2.17.0_arm64_macos -o shentud

Recommendation

Download shentud only from official releases and verify checksums or signatures when available before using it with local keys.