Skill v1.0.0

ClawScan security

Gougoubi Pump Lifecycle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 9:02 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary
The skill claims to operate end-to-end on-chain (creating markets, signing transactions, querying a subgraph) but declares no wallet credentials, RPC endpoints, or config; that mismatch is worth caution.
Guidance
This skill expects to perform on-chain, signed actions (create markets, submit results, claim fees) and to query a subgraph, but it does not declare the wallet/private key, RPC endpoint, or subgraph URL it will use. Before installing or running it:

1) Ask the maintainer how signing is done: do they expect you to paste a private key, use a browser wallet, or have the platform sign transactions? Never paste private keys into third-party skills.
2) Confirm which RPC and subgraph endpoints will be used and whether those are configurable.
3) Verify the concrete contract addresses (PBFT_PUMP_FACTORY_CONTRACT_ADDRESS and others) and test on a testnet first.
4) Review the dependent skills (listed in dependsOn); they may require additional credentials.
5) Prefer an operator mode where the skill prepares transactions and asks you to sign them with your own wallet rather than holding your keys.

If you can't get clear answers to these points, treat the skill as risky and avoid providing wallet credentials.

Review Dimensions

Purpose & Capability
Status: concern
The skill's purpose is to create proposals, sign transactions, query subgraphs, decode events, and harvest fees on-chain. Yet the registry metadata declares no required environment variables, no primary credential, and no config paths. Actions like signing transactions and querying a subgraph normally require a wallet/private key and an RPC or subgraph endpoint; their absence is an incoherence between what the skill claims to do and what it asks for.
Instruction Scope
Status: concern
SKILL.md explicitly instructs the agent to create contracts, submit final results, decode on-chain events, search the pump subgraph, persist proposal addresses, and supervise dispute windows. It also tells the agent to read the connected wallet if the proposer is unknown. These runtime instructions give the agent broad authority over on-chain state and data persistence, but are vague about where subgraph/RPC endpoints come from, where to persist data, and how signing is performed, granting the agent discretionary access without declared limits.
Install Mechanism
Status: ok
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That reduces installation risk; however, runtime actions still depend on external systems (wallet, RPC).
Credentials
Status: concern
No environment variables or credentials are declared, yet the workflow requires signer credentials (proposer wallet/private key or interactive wallet connection), RPC/JSON-RPC endpoints and a subgraph URL. The lack of declared secrets or endpoints is disproportionate and ambiguous: the skill either assumes platform-provided credentials or expects the agent to obtain private keys interactively, both of which should be explicit.
Persistence & Privilege
Status: note
The skill is not set to always:true and is user-invocable (normal). It instructs the agent to 'persist' proposalAddress and to read the connected wallet if needed; how and where to persist is unspecified. Autonomous invocation is allowed by default; combined with on-chain signing capability, this increases potential impact if credentials were provided, so confirm the signing workflow before enabling autonomous runs.