Skill v1.0.0

ClawScan security

Basecred ERC-8004 Registration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 11, 2026, 9:31 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions largely match its stated goal (on‑chain ERC‑8004 registration) but there are several mismatches and sensitive actions (private key use, .env reading, missing declared requirements) that should be clarified before installing.
Guidance
This package appears to implement ERC‑8004 registration as claimed, but review these before installing:

- Private key handling: the scripts will use PRIVATE_KEY (or AGENT_PRIVATE_KEY / MAIN_WALLET_PRIVATE_KEY) from your environment to sign transactions. Only use this with a wallet whose funds you can afford to risk (use an ephemeral/test wallet if you want to try). Prefer pasting a public address rather than putting a private key in .env when possible.
- Metadata mismatch: the registry metadata says "no required env vars / binaries", but the code needs Node >=18, npm (setup.sh runs npm install), and the private key env var for write operations. Treat that as a packaging oversight and verify prerequisites yourself.
- Prefill behavior: the SKILL.md instructs automatic prefill from local identity files and environment. If you want tighter control, ask the agent to run a dry‑run first (scripts support --dry-run and the register script supports --template) so you can inspect the draft before any signing.
- Install origin: setup uses npm to install agent0‑sdk@1.5.2. If you plan to run setup, verify the package and its version (check the agent0‑sdk source) and consider running the install in a sandbox/container.
- Review code: if you are not comfortable, inspect scripts/register.mjs and setup.sh yourself (they are present). Confirm the RPC URLs and chain targets are as expected (this skill targets mainnets only — there is no testnet support by default).

If you proceed: run in a controlled environment, perform dry runs, avoid placing your main wallet private key in .env, and verify package sources for agent0‑sdk.

Review Dimensions

Purpose & Capability
note: The skill's name/description (ERC‑8004 registration) aligns with the included scripts (register, update, search, feedback) and use of agent0‑sdk. However, the registry metadata claims no required env vars or binaries while the shipped README and scripts clearly expect Node >=18, npm, and PRIVATE_KEY / AGENT_PRIVATE_KEY / MAIN_WALLET_PRIVATE_KEY (and optionally PINATA_JWT and RPC_URL). That metadata omission is an incoherence (likely sloppy packaging), but the requested capabilities themselves are consistent with the stated purpose.
Instruction Scope
concern: SKILL.md explicitly instructs the agent to "auto-fill every field you can" from identity files (IDENTITY.md, SOUL.md, USER.md), the environment (.env), and prior context. For registration this is functionally reasonable, but it means the agent will read local identity files and environment variables (including a private key in .env if present). The SKILL.md also tells the agent to prefill everything before asking the user, increasing the chance of reading more sensitive context without explicit per-field confirmation.
Install Mechanism
note: The registry lists no install spec (instruction-only), but the package contains a scripts/setup.sh that runs npm install agent0-sdk@1.5.2. Installing agent0-sdk via npm is a normal approach for this functionality; it is moderate-risk (third‑party package install). There are no downloads from unknown personal servers or shorteners in the manifest.
Credentials
concern: The code requires a private key env var for write operations (PRIVATE_KEY / AGENT_PRIVATE_KEY / MAIN_WALLET_PRIVATE_KEY) and optionally PINATA_JWT and RPC_URL. Requesting private key material is proportionate for signing on‑chain transactions, but the registry metadata did not declare these requirements and SKILL.md encourages storing a private key in .env. That combination (undeclared sensitive env access + instruction to auto‑detect a private key) raises a practical safety concern: the skill will access and use a sensitive secret if present.
Persistence & Privilege
ok: The skill is not always:true and does not request to persist or modify other skills or system settings. It does not demand permanent inclusion or elevated platform privileges. It will perform on‑chain operations only when a private key is provided and when the user confirms actions (scripts prompt for confirmation unless --yes is used).