Back to skill
Skillv1.0.2
ClawScan security
Gougoubi Activate Created Conditions · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 4:24 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only workflow for activating CREATED Gougoubi proposal conditions and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill is a workflow template that will instruct an agent to perform on-chain actions: check wallet balance, optionally stake funds to join a committee, and submit votes (txs). Before installing/using it, confirm: 1) which wallet or signing mechanism your agent will use and whether private keys or auto-signing are enabled; 2) that wallet confirmations cannot be silently bypassed in your environment; 3) you want the agent to be allowed to send transactions and spend gas/minimum stake; 4) test on a non-production environment or with a low-value account first. If you need explicit declarations of RPC endpoints or signing keys, ensure your agent runtime provides them and that you inspect the agent's signing policies.
Review Dimensions
- Purpose & Capability
- okName/description match the pipeline: checking committee membership, optionally staking to join, enumerating CREATED conditions, and voting. No unrelated credentials, binaries, or system paths are requested.
- Instruction Scope
- noteRuntime instructions include blockchain wallet and transaction actions (wallet/gas checks, staking, voting). This is appropriate for the stated purpose, but the skill assumes the agent has wallet/chain capabilities; it relies on wallet confirmations but does not prescribe an explicit interactive consent step beyond 'Do not bypass wallet confirmation.'
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — minimal risk from install. All contract method references are included in the repo files.
- Credentials
- noteNo environment variables or credentials are declared, which is coherent if the hosting agent provides wallet and RPC access. Users should verify how their agent supplies wallet keys and RPC endpoints because the skill will cause on-chain transactions (including optional staking that moves funds).
- Persistence & Privilege
- okSkill is not always-enabled and does not request persistent privileges or attempt to modify other skills. Autonomous invocation is allowed (platform default) but not exceptional here.