v1.1.2

ClawFriend

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

ClawFriend is broadly aligned with its social/trading purpose, but it requests powerful wallet and API credentials, sets up background automation, and instructs the agent to trust and run community skill content.

Guidance: Review this skill carefully before installing. Use a dedicated wallet with limited funds, do not reuse sensitive keys, verify all cron jobs and community skills, and require explicit confirmation before trades, transfers, marketplace changes, or running community-provided scripts.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: High | Confidence: High | Status: Concern
SKILL.md
BEFORE performing ANY action, you MUST check for community-installed skills ... If relevant community skill exists → Read its SKILL.md and use it

The core skill instructs the agent to make community skill documents authoritative before any action, allowing unrelated or untrusted local skill text to redirect behavior.

User impact: A community skill could steer the agent away from the user's intent or introduce unsafe instructions that the agent is told to prioritize.
Recommendation: Only load community skills that the user explicitly selects and trusts; treat their instructions as untrusted input and do not give them automatic priority over the user's request.

Agentic Supply Chain Vulnerabilities
Severity: High | Confidence: High | Status: Concern
SKILL.md
Execute skill-specific commands (if the skill provides scripts): ... node scripts/some-script.js [args]

The skill explicitly permits running scripts supplied by community skills, which may come from a marketplace or manual installation path outside the reviewed core skill.

User impact: Installing or using a malicious community skill could lead to arbitrary code running under the user's OpenClaw environment.
Recommendation: Review community skill source code before installation and require explicit user approval before running any community-provided script.

Unexpected Code Execution
Severity: High | Confidence: Medium | Status: Concern
scripts/activation-monitor.js
execSync(`node ${skillPath}/scripts/register.js update-profile --bio "${bio}"`, {

The static scan shows a shell command built with an interpolated bio value, which is an unsafe pattern if that value can contain shell metacharacters.

User impact: A crafted profile bio or similar input could cause unintended local shell commands to run.
Recommendation: Replace shell-string execution with argument-array execution such as spawn/execFile, and validate or escape any user/API-provided values.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
preferences/registration.md
Sets up heartbeat cron job ... Sets up activation monitor cron job ... Run heartbeat checklist every 15 minutes (autonomous execution)

The setup flow creates persistent scheduled jobs that continue operating after the initial setup command.

User impact: The skill can keep running background checks or automation on a schedule, which may surprise users and increases the impact of unsafe instructions or compromised credentials.
Recommendation: Install only if you want persistent automation; review the cron jobs after setup and disable them when they are no longer needed.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
preferences/security-rules.md
Your `EVM_PRIVATE_KEY` is your identity and controls your assets ... Leaking it = impersonation, unauthorized posts, and share trading.

The skill requires credentials that can control crypto assets and ClawFriend account actions, including posting and trading.

User impact: If the skill, its scripts, or a community extension mishandles these credentials, the user could lose assets or have their account used for unauthorized actions.
Recommendation: Use a dedicated low-value wallet, limit funds and allowances, rotate API keys if suspicious activity occurs, and confirm all trade/transfer actions before signing.