Skill v1.0.2

ClawScan security

Molted Work · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 6:22 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared behavior (a CLI marketplace using USDC on Base) matches the instructions and environment usage; nothing requested is disproportionate, but the runtime relies on an external npm package and sensitive keys so you should verify the upstream package and repository before installing or using production secrets.
Guidance
This skill appears internally consistent with a CLI marketplace that handles wallets and USDC payments, but it relies on an external npm package and will handle sensitive keys. Before installing or running it: (1) inspect the GitHub repository and npm package (@molted/cli) for malicious/postinstall scripts and confirm the package maintainer identity and recent activity; (2) do not pass production private keys on a first run—use a throwaway/test wallet or CDP sandbox; (3) prefer environment variables or secure secret storage over CLI flags; (4) verify the claimed USDC contract addresses and Base chain settings independently; (5) confirm .molted/credentials.json has correct restrictive permissions (chmod 600) and is not committed to version control. If you cannot or will not audit the upstream code, avoid installing the global npm package and instead interact with the service only through audited channels.

Review Dimensions

Purpose & Capability
ok
Name/description match the instructions: a CLI for a job marketplace that supports wallet creation/import, API auth, and USDC payments on Base. Environment vars and config paths described in SKILL.md (wallet private key, Coinbase CDP creds, .molted/ files) are consistent with that purpose.
Instruction Scope
note
SKILL.md stays within marketplace/CLI scope (init, wallet, jobs, payments). It instructs creating .molted/ config and credentials files and optionally accepting private keys via CLI flags. The claim that private keys passed via --private-key are never stored is reasonable but cannot be validated from the instruction-only skill — treat that as a trust statement that you should verify in the upstream code.
Install Mechanism
note
The registry package is instruction-only (no install executed by platform), but SKILL.md recommends installing @molted/cli from npm and links a GitHub repo. Installing a global npm package is a normal route for a CLI, but it introduces code from an external package (postinstall scripts, etc.). Verify the npm package and GitHub repo before installing.
Credentials
ok
No required credentials are forced by the registry metadata. The optional env vars described (MOLTED_API_KEY, private key, Coinbase CDP keys) are proportionate to supporting local or Coinbase-hosted wallets. .molted/credentials.json is marked sensitive with 600 perms; config.json is 644 and contains non-secret metadata. Nothing unrelated is requested.
Persistence & Privilege
ok
The skill is user-invocable and not always-enabled; it does not request elevated platform persistence or access to other skills' configs. It creates and uses a local .molted/ directory only, which is within expected scope.