Skill v1.0.3
ClawScan security
Gougoubi Create Prediction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 23, 2026, 4:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions describe signing and submitting blockchain transactions and reference helper scripts, but the package omits the actual scripts and does not declare how wallet credentials or RPC endpoints are provided; that mismatch warrants caution.
- Guidance: Before installing or enabling this skill:
  1. Verify where wallet signing and RPC access will come from. Confirm whether your agent platform provides a safe wallet connector or whether the skill expects you to supply private keys or an RPC URL.
  2. Ask for or inspect the missing scripts referenced in README/SKILL.md (scripts/pbft-create-from-polymarket.mjs). The current package lacks those files; do not run external install steps that fetch arbitrary code unless you trust the source.
  3. Clarify the token/chain semantics (why DOGE and 'wei' are both referenced) to ensure transactions will run on the intended chain and token contract.
  4. Require explicit user confirmation for any approval or on-chain transaction. SKILL.md promises this, so ensure the executing platform enforces it.
  If the publisher can supply the absent scripts or document how wallet auth is securely provided (and it matches the skill description), the concerns would be reduced.
Review Dimensions
- Purpose & Capability (concern): The skill claims to create Gougoubi public proposals, including checking DOGE balance, requesting approvals, and submitting transactions. That capability legitimately requires access to a wallet and a blockchain RPC or signing tool, but the skill does not declare any required credentials, env vars, or tools. The README/SKILL.md also reference node scripts (scripts/pbft-create-from-polymarket.mjs) that are not included in the package, which is inconsistent with the claimed runnable capability.
- Instruction Scope (concern): SKILL.md stays largely scoped to proposal creation flows and explicitly calls out safety boundaries (never auto-confirm irreversible actions, require user confirmation on moderation risk). However, it instructs the agent to check token balances, request approvals, convert stake to 'wei', and submit transactions, all operations that interact with wallets/RPCs, yet gives no guidance on where credentials/signing come from. The document also mixes terminology (DOGE vs wei) without clarifying chain/token semantics, which is ambiguous and could lead to incorrect or harmful actions.
- Install Mechanism (note): This is instruction-only (no install spec), so there's no code installation risk. However, the included INSTALL.md and README reference local scripts, a GitHub-based installer, and example node entrypoints that are absent from the package. That suggests the package is incomplete or expects external code to be fetched during install; the absence of those scripts is noteworthy.
- Credentials (concern): No environment variables, credentials, or primary credential are declared, yet the flow requires wallet signing, balance checks, and possibly RPC endpoints. A skill that submits on-chain transactions should explicitly document what credentials or wallet integrations it needs; the omission is an incoherence and a practical security consideration (how/where keys are supplied).
- Persistence & Privilege (ok): The skill does not request persistent/always-on privileges (always:false) and is user-invocable only. It does not declare any system-wide config changes or privileged persistence. This is appropriate for its stated purpose.
