v0.1.5

Lukso Agent Comms

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:53 AM.

Analysis

This skill includes code with a hardcoded blockchain private key that can broadcast a mainnet transaction when the file is run.

Guidance: Do not run live-demo.js as-is. Ask the publisher to remove the embedded private key, document dependencies and network behavior, add explicit approval before any mainnet action, and define how agents should authenticate and trust incoming on-chain messages.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
live-demo.js
const response = await fetch('https://relayer.mainnet.lukso.network/api/execute', {
...
});
...
sendOnChainMessage().catch(console.error);

The script posts a signed transaction to a mainnet relayer and auto-invokes the send function when the file is executed, without a prompt or configurable approval boundary.

User impact: Running this file can create a public on-chain action using the embedded account authority, rather than merely documenting the protocol.
Recommendation: Make demos dry-run by default, require explicit user confirmation before any mainnet broadcast, make target/account values user-configurable, and clearly separate protocol reference code from transaction-sending code.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
metadata
No install spec — this is an instruction-only skill.

The package is described as instruction-only even though it includes runnable JavaScript demo files; this is not inherently unsafe, but users should not assume the code has a declared installation or dependency contract.

User impact: A user may need to inspect the included scripts manually to understand dependencies and runtime behavior before running them.
Recommendation: Declare demo dependencies and intended execution steps explicitly, or remove runnable demo files from an instruction-only package.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
live-demo.js
// Private key from workspace history
const privateKey = '0xac0f4b0efca566063b4abd48af83a70a27781734adbd85664fc5c6df139b520e';
const wallet = new ethers.Wallet(privateKey);

The code embeds a blockchain private key and constructs a wallet from it, while the registry declares no primary credential or required environment variables.

User impact: Anyone with the artifact can see and potentially use this private key, and the skill code can sign actions for the associated account.
Recommendation: Remove the hardcoded key, treat it as compromised, rotate any real account credentials, and require users to provide their own wallet through a clearly declared and scoped credential mechanism.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: Medium. Status: Note.
SKILL.md
This skill enables OpenClaw agents to communicate directly on-chain.
...
`comms.inbox()`
Scans profile logs for incoming agent messages.

The skill intentionally creates an inter-agent message channel using on-chain logs; filtering by message type is described, but sender trust or authorization policy is not defined.

User impact: Incoming messages should be treated as untrusted external content unless the agent verifies who sent them and what authority they should have.
Recommendation: Add sender verification, allowlists, and guidance that message bodies are data, not instructions to be followed automatically.