Skill v1.0.1

ClawScan security

Gougoubi Activate And Stake Risklp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 23, 2026, 4:24 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary: The skill's description and runtime instructions claim to run blockchain operations (voting, joining a committee, staking LP) and reference node scripts, but the package lacks those scripts and declares no credentials or environment requirements needed to sign transactions — the pieces don't add up.

Guidance: Do not install or run this skill until you verify a few things:
1. Confirm the referenced Node scripts actually exist in the upstream repository (the package here lacks them).
2. Ask how transaction signing is expected to work: what wallet, private key, or signer the skill will use, and where credentials are stored.
3. Require explicit environment variables or a hardware signer rather than implicit access to any system wallet.
4. Run only dry-run/test mode in a sandbox with no real funds first.
5. If you allow autonomous invocation, add strict consent/confirmation steps so the agent cannot stake funds or join committees without your explicit approval.
If the maintainer cannot show the missing scripts and clarify credential handling, treat this package as untrusted.

Review Dimensions

Purpose & Capability (concern)
The skill's stated purpose (activate proposal conditions and add risk LP) is plausible for a blockchain automation tool, but the SKILL.md requires actions that need transaction signing, network access, and a signer wallet (auto-join committee with stake, vote, add LP). The package declares no required env vars, no credentials, and includes no binaries. Additionally, the SKILL.md lists Node script entry points, but those scripts are not included in the skill bundle. This mismatch suggests the skill as packaged cannot perform its claimed capabilities or assumes access to external signing infrastructure without declaring it.

Instruction Scope (concern)
Runtime instructions direct the agent to auto-join a committee (staking funds), vote to activate conditions, wait for on-chain state changes, and add LP. These are high-impact, state-changing blockchain operations. The instructions reference running specific node scripts (e.g., scripts/pbft-activate-and-add-risklp.mjs) that are not present in the package. The instructions also imply access to wallet keys/signers but do not state where those credentials come from. This is scope creep relative to the declared zero-env, zero-binary packaging.

Install Mechanism (note)
No install spec (instruction-only), which is low technical risk because nothing is written by the installer. However, the README and INSTALL.md instruct users to run local Node scripts and suggest copying the skill folder into the runtime; since the referenced scripts are missing here, the install docs point to expected artifacts elsewhere (repo listed in clawhub.json). The lack of bundled execution code is an inconsistency to verify with the upstream repository.

Credentials (concern)
The skill requests no environment variables and declares no primary credential, yet its workflow requires permission to sign transactions and stake funds. This is a proportionality mismatch: the actions described typically require wallet private keys or a connected signer, RPC endpoints, and possibly funds. The skill gives no guidance on where credentials should come from, nor does it declare the names of expected env vars (e.g., PRIVATE_KEY, MNEMONIC, RPC_URL).

Persistence & Privilege (note)
The skill is not marked always:true and does not request system-level config changes. Autonomous invocation is allowed (the default), which is normal, but because the skill performs financial on-chain actions, autonomous execution without explicit user safeguards could have high impact. Verify agent policies and consent prompts before allowing autonomous runs.