Skill v1.1.0

ClawScan security

Ethermail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:12 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions generally match its stated purpose (extract a WalletConnect URI and guide signing via a separate WalletConnect agent), but there are notable inconsistencies and sensitive operations (private-key signing) that are not fully declared or sourced, so proceed with caution.
Guidance
Key things to consider before installing/using this skill:
- Source verification: the skill lists no homepage and the source is unknown. Confirm the author/owner and that you're comfortable installing code from this publisher before running anything.
- Private key risk: the instructions show using export PRIVATE_KEY and running a separate walletconnect-agent to automatically sign personal_sign requests. That requires exposing a private key to software — only use an isolated, disposable wallet with no funds you care about. Do NOT use your primary or large-balance keys.
- Inspect walletconnect-agent: the skill depends on a separate 'walletconnect-agent' skill (not included). Review that agent's code and behavior before giving it any credentials or private keys; it performs sensitive signing actions.
- Run in isolation: run the Puppeteer script and any wallet agent inside an isolated environment (container or VM) and with sandboxing enabled, as recommended. Avoid disabling the browser sandbox.
- Prefer safer UX: use the Telegram Mini App path if possible (it avoids giving raw private keys to scripts). If you must use automation, prefer hardware-backed signing workflows or manual approval flows rather than exporting private keys to env vars.
- Minimal testing: test first with an empty/dedicated test account and confirm the entire flow behaves as you expect (no unexpected network calls, no logging of private data).

Review Dimensions

Purpose & Capability
ok: The skill claims to provide Web3 email access via WalletConnect and includes a Puppeteer script to extract the WalletConnect URI; the puppeteer dependency and the extract-wc-uri.js script are coherent with that purpose.
Instruction Scope
concern: SKILL.md instructs the user/agent to provide a PRIVATE_KEY and to run an external 'walletconnect-agent' skill to perform signing. The skill does not declare any required env vars, but the runtime instructions explicitly use PRIVATE_KEY; that mismatch is a scope/visibility issue. The instructions also direct automated browser navigation and clicking, which is expected for this purpose but requires careful isolation because it triggers auth flows.
Install Mechanism
note: There is no install spec (instruction-only), which lowers install risk, but package.json and a dependency on puppeteer are present. Puppeteer is an expected npm dependency for browser automation; no downloads from anonymous URLs or archive extracts are used. Consumers should be aware the skill expects an npm environment to install puppeteer if they run the script.
Credentials
concern: The SKILL.md demonstrates exporting PRIVATE_KEY and running the walletconnect-agent, which will sign messages with that key. The skill metadata lists no required environment variables or primary credential, so explicit handling of a private key is not declared in the manifest. Requesting access to a raw private key is high privilege and should be justified and limited (e.g., ephemeral dedicated wallet only).
Persistence & Privilege
ok: The skill does not request persistent presence (always:false) and does not attempt to modify other skills or system configuration. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges here.