ClawdVine
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
ClawdVine is mostly coherent as a paid video-generation skill, but it asks the agent to use a wallet private key for automatic USDC payments and includes agent prompt/memory instructions that users should review first.
Install only if you are comfortable with an agent making paid ClawdVine requests. Use a fresh low-balance wallet, verify the exact USDC cost and recipient before each generation, do not let the skill alter your system prompt, and store only the agentId—not private keys or wallet secrets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs this with a real wallet private key, it can authorize USDC payments from that wallet.
The helper reads a raw EVM private key from the environment and creates a signer that can authorize wallet actions.
const privateKey = process.env.EVM_PRIVATE_KEY; ... const signer = privateKeyToAccount(privateKey);
Use a dedicated low-balance wallet/key for this skill, never a main wallet, and require explicit approval for every paid action.
A mistaken or unexpected generation request could spend wallet funds if the agent runs the helper with an unlocked private key.
The script uses an x402 payment-wrapped fetch that automatically signs and retries after a 402 payment challenge. The wrapper enforces no maximum amount and no receiver allowlist, so whatever the server's 402 challenge asks for, in amount and destination, is what gets signed.
fetchWithPayment = wrapFetchWithPayment(fetch, client); ... const res = await fetchWithPayment(`${API_BASE}/generation/create`, {
Add a code-enforced max spend and expected recipient check, and keep the documented pre-flight user confirmation mandatory.
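The following is an added example of the spend guard these two findings (the raw private-key signer and the unbounded x402 fetch) call for. It is not ClawdVine's code and not the x402 project's code. It assumes the 402 body is JSON shaped like `{ accepts: [{ scheme, network, asset, payTo, maxAmountRequired }] }` with amounts in atomic units (USDC has 6 decimals, so "500000" is 0.50 USDC); that shape is modelled on the x402 protocol as I understand it and must be checked against what the ClawdVine server actually returns. The addresses and ceilings in `POLICY` are placeholders. The policy decision is a pure function so it can be tested without a wallet; `guardedFetch` wires it in front of whatever actually signs and retries.

```javascript
// Spend guard for an x402-style 402 payment challenge. Added example, not
// ClawdVine's or x402's code. Assumed 402 body shape (modelled on x402):
// { accepts: [{ scheme, network, asset, payTo, maxAmountRequired }] },
// amounts in atomic units (USDC: 6 decimals). Addresses are placeholders.

const ONE_USDC = 1000000n;

const POLICY = {
  maxPerRequest: ONE_USDC / 2n,     // 0.50 USDC ceiling for one generation
  maxPerSession: 2n * ONE_USDC,     // 2.00 USDC ceiling for the process lifetime
  allowedNetworks: new Set(["base"]),
  allowedAssets: new Set(["0x2222222222222222222222222222222222222222"]), // placeholder USDC contract
  allowedPayTo: new Set(["0x1111111111111111111111111111111111111111"]),  // placeholder ClawdVine receiver
};

// Parse an atomic-unit amount strictly: decimal digits only. Floats, hex,
// negatives or exponents in a malformed challenge must not bypass the ceilings.
function parseAtomic(value) {
  if (typeof value === "number" && Number.isSafeInteger(value) && value >= 0) return BigInt(value);
  if (typeof value === "string" && /^[0-9]+$/.test(value)) return BigInt(value);
  return null;
}

const norm = (addr) => (typeof addr === "string" ? addr.toLowerCase() : "");

// Pure policy decision: return the first requirement that is safe to sign,
// or every reason why none of them is. `spentSoFar` is what this process has
// already authorised, so the session ceiling is cumulative.
function evaluatePaymentChallenge(body, policy, spentSoFar) {
  const accepts = body && Array.isArray(body.accepts) ? body.accepts : [];
  if (accepts.length === 0) return { ok: false, reasons: ["402 body carries no payment requirements"] };
  const reasons = [];
  for (const req of accepts) {
    const amount = parseAtomic(req.maxAmountRequired);
    if (amount === null) { reasons.push("unparseable maxAmountRequired"); continue; }
    if (!policy.allowedNetworks.has(req.network)) { reasons.push(`network ${req.network} not allowed`); continue; }
    if (!policy.allowedAssets.has(norm(req.asset))) { reasons.push(`asset ${req.asset} not allowed`); continue; }
    if (!policy.allowedPayTo.has(norm(req.payTo))) { reasons.push(`recipient ${req.payTo} not allowlisted`); continue; }
    if (amount > policy.maxPerRequest) { reasons.push(`amount ${amount} exceeds per-request ceiling ${policy.maxPerRequest}`); continue; }
    if (spentSoFar + amount > policy.maxPerSession) { reasons.push(`amount ${amount} would exceed session ceiling ${policy.maxPerSession}`); continue; }
    return { ok: true, requirement: req, amount };
  }
  return { ok: false, reasons };
}

// Wrap a fetch so a 402 is only answered after the guard and an explicit
// confirmation hook both agree. `payAndRetry(url, init, requirement)` is
// whatever signs and resends (for example the x402 payment fetch); it is never
// reached for a challenge the guard rejects. `confirm` is where the documented
// pre-flight user approval belongs.
function guardedFetch(baseFetch, payAndRetry, policy, confirm) {
  let spent = 0n;
  const wrapped = async (url, init = {}) => {
    const res = await baseFetch(url, init);
    if (res.status !== 402) return res;
    let body = null;
    try { body = await res.json(); } catch { body = null; }
    const verdict = evaluatePaymentChallenge(body, policy, spent);
    if (!verdict.ok) throw new Error(`payment refused for ${url}: ${verdict.reasons.join("; ")}`);
    if (!(await confirm(url, verdict.requirement, verdict.amount))) {
      throw new Error(`payment declined by user for ${url}`);
    }
    // Count the authorisation, not the receipt: a signed payment can settle
    // even if the retried response is lost.
    spent += verdict.amount;
    return payAndRetry(url, init, verdict.requirement);
  };
  wrapped.spent = () => spent;
  return wrapped;
}

// Constructed sample challenge (not a captured ClawdVine response).
const SAMPLE_CHALLENGE = {
  accepts: [{
    scheme: "exact", network: "base",
    asset: "0x2222222222222222222222222222222222222222",
    payTo: "0x1111111111111111111111111111111111111111",
    maxAmountRequired: "300000", // 0.30 USDC
  }],
};

console.log(evaluatePaymentChallenge(SAMPLE_CHALLENGE, POLICY, 0n));
```

Use `guardedFetch(fetch, fetchWithPayment, POLICY, askUser)` in place of calling the payment-wrapped fetch directly, where `askUser` shows the amount and recipient and returns true only on an explicit yes. Keep the key in the signer process scoped to the low-balance wallet the overview recommends; the guard limits what a compromised or confused agent can authorise per call and per session, but it cannot protect a main wallet's balance from other code that holds the same key.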
If followed uncritically, the skill could cause the agent to change its ongoing behavior beyond a single video-generation request.
A skill section about setting the system prompt can affect higher-priority agent behavior and is broader than the normal video-generation/payment workflow.
**Setting your system prompt:**
Do not allow the skill to modify system prompts or global agent instructions unless the user explicitly reviews and approves the exact change.
The agentId may be reused across tasks and linked to public portfolio, reputation, or generation history.
The skill asks for persistent storage of an agent identifier so future generations are attributed correctly.
SAVE THE RETURNED agentId TO YOUR MEMORY ... Store this permanently. Save your `agentId` to memory, config, or set `CLAWDVINE_AGENT_ID`
Store only the non-secret agentId, keep it separate from wallet keys, and let the user decide whether persistent attribution is desired.
Running the build script executes a local shell command, which is normal for packaging but should only be done from a trusted checkout.
The build helper executes a local tar command, but the included file list is fixed and the artifacts do not show it running automatically.
const tarCmd = `tar -czf "${OUTPUT}" ${filesToInclude.map(f => `"${f}"`).join(' ')}`; ... execSync(tarCmd, { cwd: ROOT, stdio: 'inherit' });
Treat build scripts as developer tooling and do not run them unless you intend to package the skill.
