Skill v1.0.0

ClawScan security

Solidity LSP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:28 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions are generally consistent with Solidity development, but the name and description claim a 'language server' that is 'essential for ClawChain pallet development', while the content is only CLI install/run guidance and includes recommendations (a curl | bash installer, private keys in environment variables) that either do not match the stated purpose or are risky.
Guidance
This skill is not malicious but is inconsistent and has a few risky recommendations. Before installing or following the instructions:
1. Note the mismatch: the skill advertises an LSP but contains only CLI instructions; if you need an LSP, install/verify a real Solidity language-server package.
2. Avoid running curl | bash blindly (Foundry installer); fetch the script separately and inspect it, or use the official package manager instructions.
3. Never place private keys in plain environment variables on a shared machine; use a hardware wallet, temporary keys, or an isolated environment for deployments.
4. Prefer installing solc/solhint/slither from official, versioned sources and run them in a sandbox or container if you are unsure.
5. Because the skill is instruction-only, the agent will not automatically access your files or keys; but if you tell the agent to run these commands, those commands will run with your user privileges.
If you want this skill for IDE LSP features, request or look for a skill that actually installs/configures a language-server (LSP) implementation and cites a trustworthy source.

Review Dimensions

Purpose & Capability
Rating: concern
The skill is named and described as a 'Solidity LSP' (language server / code intelligence) but the SKILL.md only contains instructions for installing and running CLI tools (solcjs, solhint, slither) and framework docs. There is no LSP implementation, no server integration, and nothing that provides language-server protocol hooks. It also claims to be 'essential for ClawChain pallet development' even though the ClawChain sections discuss ink! (Rust); the scope and claims do not align.
Instruction Scope
Rating: note
The runtime instructions are limited to installing and running compilers, linters, and analyzers; they do not instruct the agent to read arbitrary host files or exfiltrate data. However, the references/frameworks.md includes an example Hardhat config that uses SEPOLIA_URL and PRIVATE_KEY environment variables for deployments, which could lead users to place sensitive keys in env vars. The instructions also suggest running networked installers and security tools (slither) that may require additional privileges.
Install Mechanism
Rating: concern
This is an instruction-only skill (no install spec), but it recommends installing Foundry via a curl | bash bootstrap (curl -L https://foundry.paradigm.xyz | bash). That pattern downloads and executes a remote script and is higher-risk than using a reviewed package manager. It also recommends global npm installs and pip installs; these are normal but can alter the system and should be run deliberately.
Credentials
Rating: note
The skill declares no required env vars or credentials (good), but the included framework examples show SEPOLIA_URL and PRIVATE_KEY being used in the Hardhat config. The skill doesn't itself require those creds, but its docs encourage patterns (env-stored private keys) that are sensitive. No unexpected external API keys or unrelated credentials are requested by the skill.
Persistence & Privilege
Rating: ok
The skill is instruction-only, has no install-time persistence, and does not request always:true or elevated platform privileges. It will not be force-included or modify other skill configs.