Skill v0.1.4
ClawScan security
Aavegotchi Baazaar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 21, 2026, 8:36 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions line up with its stated purpose (on‑chain listing and buying on Base), and it includes sensible safety checks for key use and remote calls.
- Guidance: This skill appears coherent and includes sensible safety rules, but it is high‑impact because it requires a private key. Before installing: (1) Use a dedicated, minimally funded EOA (not your main wallet or exchange account). (2) Keep DRY_RUN=1 (the default) until you have fully tested the flows. (3) Only set DRY_RUN=0 and BROADCAST_CONFIRM when you intend to broadcast, and unset BROADCAST_CONFIRM immediately afterwards. (4) Verify that SUBGRAPH_URL is the canonical endpoint and that the DIAMOND/GHST/USDC addresses are the ones you expect. (5) The skill runs shell snippets: follow its validation rules and do not paste unvalidated inputs into commands. (6) Consider whether you are comfortable granting an agent with autonomous invocation access to an EOA private key; if not, do not provide PRIVATE_KEY in the environment and only run the skill manually from a safe environment.
Review Dimensions
- Purpose & Capability: ok. Name/description (Aavegotchi Baazaar marketplace actions) match the requested binaries (cast, curl, python3) and the env vars (RPC, contract addresses, subgraph, private key). All required inputs are reasonable for a tool that simulates and broadcasts Ethereum‑style transactions on Base.
- Instruction Scope: ok. SKILL.md explicitly limits actions to marketplace flows: fetch subgraph listings, validate inputs, simulate with cast call, and broadcast with cast send only after explicit confirmation. It forbids printing or accepting the PRIVATE_KEY from chat, enforces chain and key/address checks, allows only a small set of HTTPS endpoints, and provides input validation snippets to reduce RCE risk.
- Install Mechanism: ok. No install spec and no code files; this is an instruction-only skill. This minimizes install-time risk because nothing is downloaded or written to disk by the skill itself.
- Credentials: ok. The primary credential is PRIVATE_KEY, which is appropriate for broadcasting transactions. The other required env vars (FROM_ADDRESS, RPC, contract addresses, pricing/slippage params, subgraph URL) are proportional to the described functionality.
- Persistence & Privilege: note. always:false (good). The skill is allowed to be invoked autonomously (default). Because it can broadcast transactions if DRY_RUN=0 and BROADCAST_CONFIRM is set, providing a private key grants real operational power. The SKILL.md does mandate user confirmation and safety checks, but users should treat autonomous invocation and an exported PRIVATE_KEY as high‑impact.
