Skill v1.1.0
ClawScan security
ClawdVine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:03 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it claims (video generation paid via x402 on Base) but its declared metadata omits critical requirements (notably an EVM private key) and the runtime instructions direct persistent storage of identity and use of a wallet private key — a mismatch that requires caution before installing or supplying secrets.
- Guidance
- What to consider before installing or running this skill:
  - The skill legitimately needs a wallet to pay via x402, but the package/registry metadata failed to declare the required env var. Do not supply your main wallet private key. If you try it, use a dedicated Base wallet with minimal USDC and no valuable tokens.
  - The scripts require EVM_PRIVATE_KEY (sandboxed environment) and optionally storing CLAWDVINE_AGENT_ID persistently. Storing a private key in an environment variable is convenient but risky — prefer signing in a separate wallet app or use a wallet with spending limits.
  - Review endpoints and addresses before use: api.clawdvine.sh, the claimed USDC token and facilitator addresses, and any tx explorers. Confirm the domain/owner independently (e.g., GitHub repo, DNS, or project governance) before trusting payments.
  - Because the package includes Node scripts and npm dependencies, run them locally in an isolated environment (container/VM) and inspect/execute them yourself rather than handing secrets to a remote agent. Install dependencies only from the official registries and verify package versions.
  - If you want to allow the agent to call this skill, avoid giving it your private key. Instead: (a) keep the key offline and run signing locally, or (b) use a wallet service that supports limited-authority signing or per-transaction confirmations.
  - If you are not comfortable with onchain payments or persisting credentials, you can still use the service via manual wallet interactions, but do not set EVM_PRIVATE_KEY in shared agent environments.

  If you want, I can: point out the exact lines that require EVM_PRIVATE_KEY, extract all places the skill writes/reads persistent config, or draft safer usage instructions (e.g., run payments via a hardware wallet or use a burner wallet).
- Findings
[system-prompt-override] unexpected: The SKILL.md contains directives that attempt to control agent behavior (e.g., 'SAVE THE RETURNED agentId TO YOUR MEMORY — you need it for all future requests') which match a 'system-prompt-override' pattern. While storing an agentId is functionally relevant, embedded imperative instructions to persist memory and change agent behavior are prompt-like and should be treated cautiously.
Review Dimensions
- Purpose & Capability
- concern: The skill's stated purpose (paid video generation via x402) matches the code and SKILL.md (calls to https://api.clawdvine.sh, x402 flow, SIWE signing). However the registry metadata said 'Required env vars: none' and 'Primary credential: none' while the provided scripts and documentation clearly require an EVM_PRIVATE_KEY (wallet private key) and optionally CLAWDVINE_AGENT_ID. That omission is an incoherence: a wallet private key is legitimately needed for x402 payments and SIWE signing, so it should have been declared.
- Instruction Scope
- concern: The SKILL.md and scripts instruct the agent/operator to persist the returned agentId (store to memory, agent config, or set CLAWDVINE_AGENT_ID env var) and to use EVM_PRIVATE_KEY for signing payments and SIWE authentication. These instructions go beyond a single ephemeral call (they require persistent secrets/config). The SKILL.md also explicitly instructs the agent to always include agentId and to 'SAVE ... TO YOUR MEMORY' — this is scope-creep relative to a simple generation helper and can affect persistence/behavior across sessions.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only), which is low-risk for on-platform install. But the package includes Node scripts and a package.json with dependencies (@x402/*, viem, siwe). Running the scripts requires installing npm packages locally. The absence of an install step in metadata is an inconsistency (users may run scripts without installing deps). No high-risk external download URLs or extract steps were found.
- Credentials
- concern: The skill requires powerful secrets at runtime: EVM_PRIVATE_KEY (used to sign payments and SIWE messages) and may ask you to set CLAWDVINE_AGENT_ID persistently. The metadata declared no required envs/primary credential, which is misleading. Requesting a full wallet private key is a high-privilege ask and should be explicitly declared and justified — it is justified for making onchain USDC payments, but the omission in metadata and the instruction to persist secrets is concerning.
- Persistence & Privilege
- concern: The SKILL.md repeatedly instructs storing the agentId 'permanently' to agent memory/config or as an environment variable, and the scripts assume persistent EVM_PRIVATE_KEY in the environment. While the skill is not marked always:true, autonomous invocation (default) combined with stored credentials would increase blast radius. The skill does not attempt to modify other skills or system settings, but persistent storage of private keys/IDs by an agent should be treated as a privilege and explicitly approved.
