Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawchain
v1.0.1
ClawChain RPC client for EvoClaw agents. Connects to Substrate-based blockchain, queries on-chain agent data, submits transactions, and enables agents to par...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description (ClawChain RPC client) aligns with the provided Rust client libraries and examples: the code implements querying storage, submitting extrinsics, subscribing to events, and helper scripts for config. That said, there are implementation oddities (e.g., inconsistent RPC method names such as 'author_submitExtrinsic' vs 'agent_submitExtrinsic', use of 'blake_256' which doesn't exist alongside 'blake2_256', and simplistic placeholder SCALE encodings) that look like incomplete or sloppy engineering rather than deliberate capability mismatch.
Instruction Scope
The SKILL.md runtime instructions do not declare or mention environment variables that the code actually reads (get_owner_address() reads 'CLAWCHAIN_OWNER'), nor do they reference the included scripts (scripts/init-clawchain.sh uses WORKSPACE and writes a config file). The client code will open network connections (WebSocket to whatever RPC URL is provided) and can submit transactions; these actions are consistent with purpose, but the runtime instructions are incomplete about configuration and side effects (creating files under WORKSPACE, reading env vars).
Install Mechanism
There is no install spec (instruction-only), which is lower risk; however the skill bundle includes code and an executable shell script. While nothing is automatically downloaded at install time, those files can be executed by an agent following SKILL.md or by a user — review the script before running. The script itself only writes a JSON config and uses default local endpoints; it does not pull remote binaries.
Credentials
The skill metadata declares no required environment variables, but the code reads CLAWCHAIN_OWNER (with a fallback to a hardcoded address) and the init script references WORKSPACE. Asking for or reading an owner key/env var is plausible for signing/submitting transactions, but the metadata should declare these. Also the client expects private key usage for signing in practice (SKILL.md mentions programmatic signing) but the code does not implement signing — this mismatch could lead integrators to inadvertently expose credentials elsewhere. No other unrelated secrets are present, but the undocumented env access is a proportionality/visibility concern.
Persistence & Privilege
The skill does not request 'always: true', does not declare system-wide config modifications, and contains no automatic persistence mechanism. The included init script writes a local config file under WORKSPACE (or $HOME/workspace) but that is limited in scope. Autonomous invocation is enabled by default (normal) and not, by itself, a new risk here.
What to consider before installing
This skill appears to implement a Substrate RPC client, but there are several inconsistencies you should address before installing or running it:
1) The Rust code reads the environment variable CLAWCHAIN_OWNER (and the init script uses WORKSPACE) but the skill metadata doesn't declare these—decide whether the agent will get an owner key from an env var, a config file, or a secure signer, and document it.
2) Review the included script (scripts/init-clawchain.sh) before executing; it writes a config file under $WORKSPACE or $HOME/workspace.
3) The client will open WebSocket connections to whatever RPC URL is supplied — only point it at nodes you trust.
4) The code contains implementation errors/inconsistencies (RPC method name mismatches, placeholder SCALE encodings, minor API typos) — treat this as unpolished code and audit/compile locally before use.
5) If you plan to enable automated transaction submission, ensure private keys are handled by a secure signer (do not place private keys in plain env vars or in the generated config).
If you want, I can produce a short checklist and suggested edits to the skill (declare required env vars in metadata, fix the RPC method names and encoding placeholders, and tighten SKILL.md) to make it safer to install.
