Agent Skill
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This is a transparent crypto-game skill, but it asks the agent to use a private wallet key, run an unpinned external CLI, approve and spend real USDC, and potentially operate on a recurring schedule.
Install only if you intentionally want an agent to control a small Base wallet for this game. Use a burner wallet, fund it with only what you can afford to lose, pin and verify the CLI before use, avoid '@latest', review/revoke USDC allowances, and be especially cautious with auto or cron mode.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent, CLI, environment, or logs mishandle the private key, the wallet’s funds could be lost or stolen.
The skill requires access to a private key controlling real funds. That is high-impact account authority, and the registry metadata does not declare a primary credential or required environment variable.
**This skill manages a self-custodial wallet with real funds on Base.** ... Store `BASE_PRIVATE_KEY` only in environment variables or secured config files
Use only a dedicated burner wallet with limited funds, keep the key out of chat/logs, and treat BASE_PRIVATE_KEY as a high-risk credential even though the registry metadata does not declare it.
The wallet may grant the contract very broad spending allowance for USDC, increasing loss exposure if the contract, CLI, or workflow behaves unexpectedly.
Automatic maximum USDC approval is a broad financial permission. The artifact does not show a safer cap, explicit per-use approval, or clear revocation guidance.
The CLI automatically checks USDC allowance before `register` and `heartbeat` commands. If insufficient, it approves `maxUint256` before proceeding.
Prefer limited allowances, verify the contract independently, use a small funded wallet, and revoke allowances when finished.
A changed or compromised CLI release could run different code than what the user expected, with access to the wallet key and transaction authority.
The skill permits execution of an unpinned '@latest' npm CLI, while no code files or install spec are included for review. That mutable external code would handle wallet keys and blockchain transactions.
allowed-tools: ["Bash(npx last-ai-standing-cli@latest *)", "Bash(las *)"]
Pin the CLI to a reviewed version, verify its package provenance/source, and avoid running mutable '@latest' tooling with private keys.
The agent could continue making transactions and spending gas/USDC over time if scheduled without external controls.
The skill encourages recurring automated operation for a game that requires ongoing payments, but the visible artifact does not define spending caps, stop conditions, or monitoring requirements.
# Or use auto mode (recommended for cron)
las auto
Do not enable auto/cron mode unless you set strict wallet funding limits, monitoring, and a clear stop/revocation plan.
