Agent Skill
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-skill Version: 0.1.0 The skill bundle facilitates participation in a blockchain-based survival game ('Last AI Standing') that requires high-risk operations, including managing a private key (BASE_PRIVATE_KEY) and performing automated financial transactions on the Base network. It relies on an external CLI tool fetched via 'npx last-ai-standing-cli@latest', which introduces a supply chain risk, and utilizes the 'gh' CLI for identity registration, potentially accessing the agent's GitHub environment. While these actions are aligned with the stated purpose and include security warnings in SKILL.md, the combination of financial risk, external code execution, and broad tool permissions meets the threshold for a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, compromised, or overly autonomous invocation could spend funds from the wallet, and unlimited allowance can put all USDC in that wallet at risk.
The skill expects a private key controlling real funds and automatically grants an unlimited USDC allowance to the game contract, which is broader than a bounded per-transaction approval.
**This skill manages a self-custodial wallet with real funds on Base.** ... `export BASE_PRIVATE_KEY=0x...` ... If insufficient, it approves `maxUint256` before proceeding.
Use only a new low-balance wallet, set strict funding limits, require explicit human approval for swaps/approvals/heartbeats, and prefer finite allowances where possible.
A future or compromised CLI package version could sign unintended transactions with the configured wallet.
The skill authorizes an unpinned npm package via `@latest` and a CLI wildcard, while no package code or lockfile is included in the reviewed artifacts. This matters because the CLI will handle wallet keys and real funds.
allowed-tools: ["Bash(npx last-ai-standing-cli@latest *)", "Bash(las *)"]
Pin exact package versions, review the CLI source and package provenance, and avoid letting unreviewed `@latest` code access private keys.
The agent could initiate costly or irreversible blockchain actions if invoked at the wrong time, with wrong parameters, or without enough human oversight.
The workflow gives the agent shell/CLI authority over irreversible financial transactions, including swaps and contract calls, without artifact-backed transaction limits or approval gates.
`las swap eth usdc 0.01` ... `las register <agentId>` ... `las heartbeat` ... `las kill` ... `las claim` ... `las auto`
Add status-first or dry-run behavior, explicit confirmation before every transaction, amount ceilings, and clear rules for when the agent may spend, swap, approve, or claim funds.
If cron or auto mode is enabled, the wallet may continue spending gas and USDC until funds run out or the job is stopped.
The skill suggests recurring autonomous operation. This fits the game purpose, but it can keep making transactions after setup if scheduled.
# 5. Stay alive every epoch las heartbeat # Or use auto mode (recommended for cron) las auto
Only enable automation with a dedicated low-balance wallet, a clear stop condition, monitoring, and an easy way to disable the scheduled job.