Skill v1.0.0

ClawScan security

BaseCred · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:53 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's behavior (requiring a Talent API key, optionally a Neynar key, and the basecred-sdk npm package) matches its stated purpose of fetching unified on‑chain reputation profiles; nothing in the files indicates covert data exfiltration or unrelated privilege escalation.
Guidance
This skill appears to do what it claims, but take these precautions before installing:
(1) Provide a TALENT_PROTOCOL_API_KEY and optionally a NEYNAR_API_KEY — the registry metadata omitted these; the script will fail without the Talent key.
(2) Review the basecred-sdk npm package source (or lockfile) before installing — the skill dynamically imports that package from your workspace and it will perform the network calls.
(3) Avoid placing unrelated or high‑value secrets in the workspace .env; the script walks up directories and will load any .env it finds, making those values available to the process and the SDK.
(4) Run the skill in an isolated workspace (or container) if you are unsure about the npm package origin, and consider using ephemeral API keys with least privilege.

Review Dimensions

Purpose & Capability
note · The skill's name/description align with the code and SKILL.md: it loads basecred-sdk and queries Ethos, Talent Protocol, and optionally Neynar/Farcaster. One discrepancy: registry metadata lists 'Required env vars: none' but SKILL.md and the script require TALENT_PROTOCOL_API_KEY (mandatory) and NEYNAR_API_KEY (optional). This is likely an authoring omission in metadata, not a functional mismatch.
Instruction Scope
note · SKILL.md instructs running the included script from the workspace and parsing its JSON output — consistent with the script. The script walks up from cwd to find node_modules/basecred-sdk and to locate a .env file (up to 5 levels) and merges its key/value pairs into process.env. That behavior is necessary to pick up API keys in a workspace .env, but it means the script will read any .env it encounters (potentially containing unrelated secrets) and make them available to the process and to the imported SDK.
Install Mechanism
ok · No install spec is provided by the skill itself; it expects the workspace to contain the npm package basecred-sdk (user runs 'npm i basecred-sdk'). This is a low-risk, typical pattern — network activity happens via the SDK package on npm, so the main supply-chain review point is that npm package.
Credentials
note · Requested credentials (TALENT_PROTOCOL_API_KEY required, NEYNAR_API_KEY optional) are proportionate to querying Talent Protocol and Neynar/Farcaster. However, the script's generic .env loading can import any keys present in workspace .env files, so unrelated secrets stored there would be exposed to the script and the SDK at runtime. The skill's registry metadata failing to declare these required env vars is an inconsistency.
Persistence & Privilege
ok · The skill does not request persistent inclusion (always:false), does not write to global agent config, and has no install spec that modifies system-wide settings. It runs only when invoked.