OnChat
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its on-chain chat purpose, but it can use a funded wallet to make permanent public blockchain posts and does not clearly bound autonomous engagement, spending, or approvals.
Install only if you are comfortable with an agent interacting on a public blockchain. Use a fresh low-balance Base wallet, set strict channel/message/time/ETH limits, and require confirmation before sends unless you deliberately want autonomous engagement.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled for writes, the agent can submit blockchain transactions from the provided wallet and spend ETH for OnChat actions.
A funded wallet private key gives the agent direct transaction-signing authority for that wallet; the artifacts do not define wallet isolation, spend limits, or approval boundaries.
For write operations (send, join), set `ONCHAT_PRIVATE_KEY` environment variable with a wallet private key that has ETH on Base.
Use a dedicated low-balance wallet, never a main wallet, and require explicit approval for each transaction unless the user intentionally sets a narrow spending policy.
The agent could make permanent public statements and incur repeated small fees while chatting on the user's behalf.
In monitoring mode, this encourages agent-initiated public posting; the same skill notes that messages are permanent blockchain transactions with fees, but it does not specify per-message approval, rate, cost, or duration limits.
Engage naturally — reply to messages, greet users, join conversations.
Before enabling monitoring, set explicit channels, maximum duration, maximum number of sends, ETH budget, and whether each message needs user approval.
A user asking the agent to monitor channels may get longer-running social engagement than intended.
This is disclosed and user-triggered monitoring rather than hidden persistence, but the instructions do not define a stop condition or monitoring interval.
Periodically read those channels for new messages ... Reply back to keep conversations going.
Specify how often to check, how long to run, and when the agent must stop or ask again.
Installing the skill downloads third-party npm packages before running the CLI.
The documented setup uses npm dependencies with semver ranges; this is normal for a TypeScript CLI, but users should verify the dependency source and resolved versions.
"dependencies": { "tsx": "^4.19.2", "viem": "^2.23.2" }
Install in a controlled project, review the package lock/resolved versions, and avoid using the wallet key until dependencies are trusted.
