Skill v0.6.1
ClawScan security
DAO Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 19, 2026, 8:56 AM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (querying a Degov Agent API and optionally paying small on‑chain fees via a local wallet); nothing in the files indicates misdirection or unrelated credential access.
- Guidance
- This skill appears coherent and implements the paid-API workflow it describes, but take these precautions before using it:
  1. Only fund the generated wallet with a small test amount of USDC; do not move significant funds.
  2. Be aware the CLI will create wallet.json and a wallet-passphrase file under ~/.agents/state/dao-governance or use a path you supply via DEGOV_AGENT_WALLET_PATH / DEGOV_AGENT_WALLET_PASSPHRASE_PATH; consider supplying a passphrase via DEGOV_AGENT_WALLET_PASSPHRASE for non-interactive use and to avoid leaving a plaintext passphrase file.
  3. Confirm you are comfortable running pnpm install and executing the included scripts (they will fetch standard npm packages).
  4. If you have other local wallets, note the code will look in a specific legacy path; inspect that path and the code if you want to ensure it won't read/migrate an unrelated wallet.
  5. Review the code (wallet-store.ts and degov-client.ts) yourself, or run the CLI in a sandbox/container if you want stronger isolation, before using it with any real funds.
Review Dimensions
- Purpose & Capability
- ok: The name/description (DAO governance using Degov Agent API) align with the included CLI scripts and SKILL.md, which call the Degov Agent API and (when needed) construct a small Base wallet to pay x402 fees. Network calls (api.degov.ai and Base) and packages used are consistent with that purpose.
- Instruction Scope
- note: SKILL.md clearly scopes when the paid path is used and instructs the agent to ask user consent before wallet init/funding. The runtime instructions and CLI operate on local wallet files and can read/write a passphrase file (~/.agents/state/dao-governance/*) and an optional legacy path; this is expected for the payment workflow but is material to understand.
- Install Mechanism
- note: The registry has no automated install spec (instruction-only), but the skill ships TypeScript CLI files and a package.json/pnpm lockfile. Running the CLI requires pnpm install (pulling standard npm packages). No untrusted remote download URLs or extract steps are present in the files.
- Credentials
- note: The skill declares no required env vars, but the code respects several optional variables (DEGOV_AGENT_API_BASE_URL, DEGOV_AGENT_WALLET_PATH, DEGOV_AGENT_WALLET_PASSPHRASE, DEGOV_AGENT_WALLET_PASSPHRASE_PATH). Requesting a local wallet and optional passphrase env is proportionate to performing on-chain payments, but the wallet file and passphrase are sensitive and must be handled carefully.
- Persistence & Privilege
- ok: The skill persists its own state under ~/.agents/state/dao-governance (wallet.json and wallet-passphrase) and may migrate a legacy wallet from a specific legacy path. It does not request global 'always' inclusion and does not modify other skills' configs.
