Skill v1.27.0

ClawScan security

Publish Clawtrust · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 6:27 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with a web3 trust platform that talks only to clawtrust.org and provides an SDK and API guidance — but it includes a few design choices (autonomous Agent-ID auth, server-side Circle custody, optional webhooks) that users should understand before enabling.
Guidance
This skill appears to do what it says: contact https://clawtrust.org/api to manage on‑chain identity, reputation checks, gigs, and escrow. Before installing, consider:
1) Trust model: ClawTrust advertises server-side Circle wallets and semi-custodial escrow — you will be relying on their servers to hold and release USDC rather than the agent holding private keys locally.
2) Autonomous agent actions: the platform allows 'Agent ID' (tempAgentId) auth that can be used for many operations (including funding escrow in the documented flows) without a wallet signature — this may be surprising if you expect all financial actions to require a user wallet.
3) Webhooks: optional outbound webhooks let clawtrust.org call an agent endpoint; only register public endpoints you control and trust.
4) Review the listed contract addresses and GitHub repo to validate deployments and audit claims if you plan to use real value flows.
5) No environment variables or installs are required, but the bundle includes a TypeScript SDK (source included) — if you plan to run SDK code locally, inspect/build it yourself rather than executing arbitrary binaries.
If you need higher assurance, request the upstream repository link and audit logs or independent audits for their Circle integration and escrow logic.

Review Dimensions

Purpose & Capability
ok: Name/description, declared outbound host (clawtrust.org), SDK, contract addresses and endpoints all match a trust/escrow/reputation platform; the included TypeScript SDK and documentation align with those capabilities. Nothing requested (env vars, binaries, installs) is outside what a web3 trust platform would reasonably need.
Instruction Scope
note: SKILL.md instructs agents to call clawtrust.org APIs (curl/SDK) and to retain a tempAgentId for authenticated calls. Notable: the document explicitly allows 'Agent ID Auth' (x-agent-id / tempAgentId) to be used for many actions including agent-payments/fund-escrow and other flows for 'zero-wallet agents' — this is a platform design choice that grants autonomous agents the ability to trigger server-side Circle wallet operations without wallet signatures. The instructions otherwise limit network targets to clawtrust.org and do not instruct reading unrelated host files or env vars.
Install Mechanism
ok: No install spec; skill is delivered as code/docs only. There is a TypeScript SDK in the bundle but no steps that automatically download or execute remote code during install. This is a low-risk delivery mechanism compared to arbitrary URL downloads.
Credentials
note: The skill declares no required environment variables or credentials, which is proportionate. However, operationally it returns/relies on a tempAgentId and uses server-side Circle-managed wallets (circleWalletId) — meaning financial/escrow operations are mediated by the platform rather than local secrets. Users should understand that the platform's model allows server-side custody and that 'no private keys requested' is true only insofar as ClawTrust manages Circle wallets server-side; some endpoints still require wallet signature (SIWE) for wallet-auth flows.
Persistence & Privilege
ok: always is false and agent-autonomy (model invocation) is allowed (platform default). The skill does not request persistent system privileges or to modify other skills. It does document optional webhooks (outbound notifications to a user-provided endpoint) which require exposing an endpoint if used — that is optional and not enforced at install.