ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BTCD Skill (NBW)

v1.0.0

Run the BTCD collateralization flow on PGP chain. Use when the user asks to run a BTCD loan, collateralization flow, create/take orders, lock BTC, submit pro...

2· 501·0 current·0 all-time
by@contact-nbwfoundation
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts (create/take order, lock BTC, submit proof, claim tokens, repay) match the described BTCD collateralization flow on PGP. Requiring an EVM private key and a BTC private key is expected for a fully automated taker/borrower flow. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and scripts explicitly require EVM_PRIVATE_KEY and BTC_PRIVATE_KEY (see scripts/.env.template.txt). This metadata mismatch is an incoherence worth flagging.
!
Instruction Scope
SKILL.md instructs copying the bundled Node.js project, adding private keys to .env, running npm install, and executing scripts that sign and broadcast real BTC and EVM transactions. That scope is consistent with the stated purpose, but it explicitly requires long-lived private keys and will create/sign/broadcast transactions. The instructions also instruct persistent state writes to state/flow-state.json. There are no clear instructions to use ephemeral/test keys; the SKILL.md expects mainnet BTC and funded EVM wallet. Because the registry declared no required secrets, users could be surprised into exposing private keys.
Install Mechanism
No centralized 'install' spec in the registry (instruction-only skill) but the bundle includes a package.json and expects you to run npm install locally. That pulls dependencies from npm (supply-chain risk). This is normal for a local Node.js tool, but it is a moderate risk compared to instruction-only skills with no dependencies.
!
Credentials
The runtime requires sensitive secrets (EVM_PRIVATE_KEY, BTC_PRIVATE_KEY) and funded wallets — appropriate for the stated function — but the skill metadata did not declare them. The .env.template also points to external endpoints (EVM_RPC_URL, ARBITRATION_SUBGRAPH_URL, NOWNODES_BTC_URL). Some endpoints (e.g., nownodes-btc.bel2.org, graph.eadd.co) are not obviously well-known/trusted services; the skill will make network calls to these hosts. Requiring private keys + communicating with third-party endpoints increases the exfiltration/supply-chain risk if those endpoints are malicious or compromised.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent config. It persists flow state locally to a state/ directory and archives state files; this is reasonable for a multi-step flow and scoped to the working directory.
What to consider before installing
Do not paste your mainnet private keys into this project unless you fully trust the source and have reviewed the code. Key points to check before using: 1) The registry metadata claims no required credentials but the bundled .env.template and SKILL.md require EVM_PRIVATE_KEY and BTC_PRIVATE_KEY — treat this mismatch as a red flag. 2) Inspect scripts/utils/btc-client.js and scripts/utils/arbiter-client.js to see which external endpoints are contacted and whether any secrets or data are sent to unexpected hosts (notably NOWNODES_BTC_URL and ARBITRATION_SUBGRAPH_URL). 3) Run npm install only in an isolated environment (VM/container) and run npm audit; consider pinning dependencies. 4) Test with provably empty/test keys and minimal test funds (or on testnet) before using real funds. 5) If you must run with real keys, prefer read-only/watch-only or hardware-backed signing (instead of placing raw private keys in .env). 6) If you cannot verify the external domains (bel2.org, eadd.co, swap.pgpgas.org) or the authors, avoid using mainnet funds. Additional info that would raise confidence to 'high': an authoritative source/homepage for the project, published release on a known repo (GitHub) with checksums, or explicit registry metadata that lists the required env vars and explains the external endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e95ggxh1zb0574hvkk5n22581phcd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments