Skill v2.0.0
ClawScan security
NadName Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:26 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (registering .nad names) but contains inconsistencies and risky implementation details you should review before using (notably undeclared PRIVATE_KEY usage, local keystore creation, and a pre-scan prompt-injection signal).
- Guidance: This package appears to implement the advertised NNS registration flows, but there are a few red flags you should consider before running it: 1) The code expects a PRIVATE_KEY (or managed keystore) but the skill metadata did not declare that; treat that as a transparency issue. 2) The scripts create files under ~/.nadname and may print or save your mnemonic/private key; only run if you are comfortable with that behavior and have inspected the code. 3) The pre-scan found unicode control characters in the documentation; review SKILL.md as plain text to ensure no hidden instructions. Practical safety steps: run the code in an isolated environment (throwaway VM or container), use a throwaway wallet with minimal funds for testing, inspect the full register-name.js file (verify API endpoints and that signatures/transactions are constructed as expected), and don't provide your main wallet's private key until you fully audit the code. If you need higher assurance, ask the publisher for a verifiable source repository or signed release; absence of a homepage/source URL reduces confidence.
- Findings:
  - [unicode-control-chars] unexpected: A pre-scan detected unicode control characters in SKILL.md, which can be used for prompt injection or to obfuscate content. This is not expected for documentation and should be inspected; presence does not prove maliciousness but reduces transparency.
Review Dimensions
- Purpose & Capability (note): The name/description (register .nad names via NNS) matches the included scripts and API/contract calls. However, the skill metadata declares no required environment variables while the runtime docs and scripts depend on a PRIVATE_KEY environment variable (or managed keystore). That mismatch between declared requirements and the actual runtime expectations is an incoherence users should notice.
- Instruction Scope (note): SKILL.md and the scripts instruct only the operations needed to check availability, register names, and list owned names. They also instruct creating and storing an encrypted keystore under ~/.nadname and optionally printing/saving the mnemonic. Those file and console actions are within the domain of a wallet/registration tool, but printing the mnemonic to the console and offering to save it (even encrypted) expands the scope and increases risk if you don't audit or run in a safe environment.
- Install Mechanism (ok): No install spec is provided; it's an instruction + code bundle that relies on standard Node tooling (package.json lists ethers). This is low-risk compared with download-and-extract installers. You still need to run npm install to fetch dependencies.
- Credentials (concern): The runtime expects sensitive secrets (PRIVATE_KEY) and will read/write files under the user's home (~/.nadname). Yet the skill registry metadata did not declare any required env vars. Requesting access to a private key is reasonable for a registration tool, but the missing declaration is a transparency problem. Also, the scripts may log or print mnemonic/private-key material to the console or write files; ensure you understand those flows before use.
- Persistence & Privilege (note): The skill writes/reads a managed keystore in ~/.nadname and wallet info files (normal for wallet tooling). It does not request always: true or system-wide changes, nor does it modify other skills. Persisted files live in the user home and are under your control, but their presence is permanent until you remove them.
