ClawHub
Skill flagged โ€” suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Basename Agent

v2.1.0

๐Ÿท๏ธ Basename Agent - Onchain Identity + ร†mail for AI. Register yourname.base.eth and get yourname@basemail.ai โ€” via Donate Buy (recommended), free auto-regis...

โญ 0ยท 2kยท1 currentยท1 all-time
byJu Chun Ko@daaab
MIT-0
Download zip
LicenseMIT-0 ยท Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report โ†’
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (Basename registration + email) match the included scripts and SKILL.md. However, the registry metadata lists no required environment variables while both SKILL.md and the included scripts clearly require a PRIVATE_KEY (and optionally WC_PROJECT_ID, RPC_URL, CHAIN_ID). That mismatch is incoherent: a registration/WalletConnect tool legitimately needs a private key, but the metadata fails to declare it.
!
Instruction Scope
Runtime instructions and code perform sensitive actions: signing transactions on Base, calling external APIs (api.basemail.ai, base.publicnode.com), launching Puppeteer to drive a browser UI, and approving WalletConnect sessions. The WalletConnect connector defaults to non-interactive (auto-approve) operation and approves sessions including methods like eth_sendTransaction, personal_sign, eth_signTypedData_v4 โ€” i.e., it can sign on-chain TXs and arbitrary messages. These actions are within the stated purpose but carry high-risk side effects (funds/messages) and are not clearly flagged in registry metadata.
โ„น
Install Mechanism
No install spec is present (instruction-only), but a package.json and JS scripts are included referencing heavy dependencies (puppeteer, @walletconnect, ethers). That means running the scripts will require installing npm packages locally; there is no automatic trusted package install described. The dependencies themselves are common for this purpose (not unexpected), but absence of an install spec and included code means users may run uninstalled code or be surprised by the required runtime setup.
!
Credentials
The code requires a PRIVATE_KEY (sensitive secret) to perform registrations and signing, plus optional WC_PROJECT_ID / RPC_URL / CHAIN_ID. The registry metadata declared no required env vars (Primary credential: none). That omission is an important inconsistency. The scripts also suggest using a wallet with limited funds and create local audit logs in the user's home directory, but they will operate on full private-key authority if provided.
โ„น
Persistence & Privilege
The skill does not request always:true and does not modify other skill configurations. It writes audit logs under ~/.basename-agent and ~/.walletconnect-agent (local files, mode 0700/0600). The main privilege risk is operational: if invoked it can use the provided private key to sign transactions; combined with auto-approval this increases blast radius, but the skill does not assert permanent/always-installed presence.
What to consider before installing
This skill appears to do what it advertises (register on-chain names and create an email) but it requires a wallet private key and the included WalletConnect connector defaults to auto-approving sessions and signing transactions. Before installing or running: (1) assume PRIVATE_KEY is required even though metadata omits it โ€” avoid using your main wallet; use a dedicated wallet with minimal funds; (2) inspect and run the scripts in a controlled environment and install npm deps yourself; (3) run with interactive prompts enabled (e.g., wc-connect --interactive) or set audit logging, and avoid auto-approve modes; (4) review the code paths that automatically approve WalletConnect sessions and signing requests if you want to ensure explicit confirmation on every signature; (5) do not place an irrevocable/private key in global environments without understanding the risk. If you want to proceed safely, ask the author to correct the metadata to declare PRIVATE_KEY and to expose safer defaults (interactive by default, explicit require of a dedicated key) or run the code only within an isolated VM/container with a throwaway wallet.

Like a lobster shell, security has layers โ€” review code before you run it.

latestvk978sgxj09w7ny6t23jpb1995981gjeh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments