Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OnChat
v1.0.0Read and send on-chain messages via OnChat on Base L2. Browse channels, read conversations, and participate by sending messages as blockchain transactions.
⭐ 0· 1.5k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The code and instructions clearly implement OnChat functionality on Base L2 (reads, sends, joins, fee calculation) and use the listed on-chain contract and public RPC endpoints — this aligns with the skill name/description. However the registry metadata declares no required environment variables or primary credential while the SKILL.md and code require an ONCHAT_PRIVATE_KEY for write operations (sensitive). Also the skill includes a CLI implementation (scripts/onchat.ts) and expects npm dependencies even though no install spec was declared in the registry metadata.
Instruction Scope
SKILL.md instructs the agent to install and run the provided CLI (npm install; npx tsx onchat.ts ...) and to 'periodically read' and 'engage naturally' in channels. Those directions permit autonomous behavior that can result in on-chain transactions. The instructions explicitly require a wallet private key for write operations and tell the agent to auto-join/send messages; this could cause ETH to be spent if the agent sends messages. The instructions do not reference reading unrelated files, but they do ask the agent to operate repeatedly and autonomously in a way that has financial consequences.
Install Mechanism
There is no formal install spec in the registry; the SKILL.md instructs running 'npm install' in scripts/, which will fetch standard npm packages (viem, tsx). Those are well-known packages from the public npm registry (moderate risk expected). No remote binary downloads or obscure URLs are used in the install process, but executing npm install + running the script will write code to disk and execute it locally.
Credentials
The skill uses a single sensitive environment variable, ONCHAT_PRIVATE_KEY, to sign transactions. That is appropriate for on-chain write capability, but the registry metadata lists no required env vars or primary credential — an incoherence. Requiring a wallet private key is high-privilege: it allows spending funds and signing transactions, so it must be declared explicitly and handled carefully. The code does not request other unrelated secrets.
Persistence & Privilege
The skill is not marked 'always: true' and does not request system-wide config changes. However the SKILL.md explicitly guides periodic monitoring and autonomous engagement; combined with the ability to sign transactions (ONCHAT_PRIVATE_KEY) this gives the skill the potential to act repeatedly and spend ETH if the agent is allowed to invoke it autonomously. Autonomous invocation is the platform default — the real issue is exposing a signing key and granting the agent permission to act with it.
What to consider before installing
This skill appears to implement on-chain chat functionality and will work as described, but exercise caution before installing or providing credentials. Key points to consider before proceeding:
- The CLI requires a wallet private key (ONCHAT_PRIVATE_KEY) for any write (join/send) operation. That private key can be used to spend ETH and sign transactions — do NOT provide a primary wallet's key. Prefer a throwaway/test wallet with minimal funds.
- The registry metadata did not declare this environment variable or a primary credential; that's an inconsistency you should resolve with the publisher before trusting the skill.
- The skill contains code (scripts/onchat.ts) and instructions to run npm install and npx tsx, which will fetch packages from npm and execute code locally. Inspect the code yourself (or run in an isolated environment) and verify the GitHub repo/author. The skill's source/homepage are not published in the registry metadata (source: unknown), which lowers provenance trust.
- Messages are permanent on-chain and cost ETH. Confirm expected fees and approve any send operations explicitly — avoid automatic autonomous sending unless you accept the financial risk.
- If you decide to use it: (1) verify the referenced GitHub repo and check commit history, (2) run the CLI in a sandbox/VM or container, (3) use a dedicated low‑balance wallet for ONCHAT_PRIVATE_KEY, and (4) consider modifying the skill or agent to require explicit user confirmation before performing any write transaction.
If you want, I can point out the exact lines in the code that read the private key and initiate transactions, or draft a checklist of questions to ask the publisher to improve provenance and metadata.Like a lobster shell, security has layers — review code before you run it.
latestvk974gwsd6ns48xhgp1991p40t1802v2x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.