Esri Workflow Smell Detector (Consumer)
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its paid-scan purpose, but it requires a crypto wallet private key and signs payment requests without enforcing a hard spending cap.
Review this skill carefully before use. Do not use a main wallet private key; use a dedicated low-balance wallet, verify the endpoint, enforce a maximum payment amount, and sanitize any project snapshot before sending it to the service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A main wallet private key exposed to this runtime could put funds at risk if the environment, dependencies, or endpoint flow are compromised.
The helper reads a raw EVM private key and wallet address from the environment and uses the key to create a signing account. That is high-impact wallet authority, and it is under-declared by the registry metadata.
pk = os.getenv("PRIVATE_KEY")
wa = os.getenv("WALLET_ADDRESS")
...
account = Account.from_key(private_key)
Use only a dedicated low-balance wallet for this skill, declare the credential requirement clearly, and prefer a safer signing flow that does not require placing a raw private key in the agent environment.
A wrong, compromised, or malicious endpoint could ask the wallet to authorize a larger USDC payment than the user expected.
The payment recipient and amount are taken directly from the HTTP 402 challenge, then the script automatically sends the signed X-Payment header. The code does not enforce the documented target price or verify an expected payee.
pay_to = opt["payTo"]
amount = int(opt["maxAmountRequired"])
...
headers={"X-Payment": x_payment, "Accept": "application/json"}
Add a hard maximum amount, verify the expected token/network/payee, and require explicit user confirmation before signing or sending a payment authorization.
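The gate the two findings above ask for (a hard cap, payee/network/asset verification, and an explicit confirmation step before anything is signed), written here as an added example; it is not code from the audited skill or from ClawScan. The field names payTo and maxAmountRequired are the ones the helper reads; the network and asset fields, the PaymentPolicy shape, the confirm callback and all addresses and amounts below are assumptions made for the example.

```python
"""Policy gate for an HTTP 402 payment challenge (added example; not the skill's helper)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable

# "payTo" and "maxAmountRequired" are the fields the audited helper reads; "network"
# and "asset" are assumed names for the chain and token fields of the challenge.
REQUIRED_FIELDS = ("payTo", "maxAmountRequired", "network", "asset")
_HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")
_DECIMAL = re.compile(r"^[0-9]+$")
USDC_DECIMALS = 6


@dataclass(frozen=True)
class PaymentPolicy:
    """What the user actually agreed to; every challenge must fit inside it."""
    max_amount_units: int   # hard cap in the token's smallest unit
    expected_pay_to: str    # payee address the user verified out of band
    expected_network: str   # chain identifier as it appears in the challenge
    expected_asset: str     # token contract the payment may be denominated in


def _same_address(candidate: object, expected: str) -> bool:
    """EVM addresses are case-insensitive hex; compare without checksum casing."""
    return (isinstance(candidate, str) and _HEX_ADDR.match(candidate) is not None
            and candidate.lower() == expected.lower())


def check_payment_option(opt: dict, policy: PaymentPolicy) -> tuple[bool, str]:
    """Return (ok, reason). Nothing may be signed unless ok is True."""
    missing = [k for k in REQUIRED_FIELDS if k not in opt]
    if missing:
        return False, f"challenge missing fields: {missing}"
    raw = opt["maxAmountRequired"]
    is_int = isinstance(raw, int) and not isinstance(raw, bool)
    is_digits = isinstance(raw, str) and _DECIMAL.match(raw) is not None
    if not (is_int or is_digits):
        return False, "maxAmountRequired is not a non-negative integer"
    amount = int(raw)
    if amount < 0 or amount > policy.max_amount_units:
        return False, f"amount {amount} exceeds hard cap {policy.max_amount_units}"
    if not _same_address(opt["payTo"], policy.expected_pay_to):
        return False, f"unexpected payee {opt['payTo']!r}"
    if opt["network"] != policy.expected_network:
        return False, f"unexpected network {opt['network']!r}"
    if not _same_address(opt["asset"], policy.expected_asset):
        return False, f"unexpected asset {opt['asset']!r}"
    return True, "ok"


def authorize_payment(opt: dict, policy: PaymentPolicy,
                      confirm: Callable[[str], bool]) -> bool:
    """Policy check first, then an explicit yes from the user; only then may the caller sign."""
    ok, _reason = check_payment_option(opt, policy)
    if not ok:
        return False
    human = int(opt["maxAmountRequired"]) / 10 ** USDC_DECIMALS
    prompt = f"Pay {human:.6f} USDC to {opt['payTo']} on {opt['network']}? [y/N] "
    return bool(confirm(prompt))


# Constructed values for the demo; the addresses are placeholders, not real accounts.
POLICY = PaymentPolicy(
    max_amount_units=1_000_000,            # 1.000000 USDC
    expected_pay_to="0x" + "ab" * 20,
    expected_network="base",
    expected_asset="0x" + "cd" * 20,
)
CHALLENGE_OK = {"payTo": "0x" + "AB" * 20, "maxAmountRequired": "500000",
                "network": "base", "asset": "0x" + "cd" * 20}
CHALLENGE_INFLATED = dict(CHALLENGE_OK, maxAmountRequired="50000000")   # 50 USDC
CHALLENGE_WRONG_PAYEE = dict(CHALLENGE_OK, payTo="0x" + "ef" * 20)

if __name__ == "__main__":
    for label, opt in [("ok", CHALLENGE_OK), ("inflated", CHALLENGE_INFLATED),
                       ("wrong payee", CHALLENGE_WRONG_PAYEE)]:
        print(label, check_payment_option(opt, POLICY))
```

The confirm callback is where an interactive prompt (or a deny-by-default policy in unattended runs) plugs in. A per-request cap still allows an endpoint to drain a wallet with many small challenges, so in practice the policy should also track a running total per session and stop when it is exhausted.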
ArcGIS project metadata in the snapshot will be shared with the remote service.
The stated workflow sends the project_snapshot JSON to the external paid API. This is disclosed and purpose-aligned, but it is still a data-boundary crossing.
Send that JSON to this paid endpoint for a deterministic preflight risk report
Send only sanitized snapshots that do not contain secrets or sensitive project details, and verify that the endpoint/provider is acceptable for the data.
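One way to do the sanitization the recommendation calls for, as an added example rather than anything shipped with the skill: walk the snapshot, blank out values under credential-looking keys, and scrub password fields inside connection strings, returning a redacted copy plus a count so the caller can refuse to send when the result looks wrong. The key-name list, the connection-string pattern and the sample snapshot layout are assumptions for the example, not the real project_snapshot schema.

```python
"""Redact secrets from a project snapshot before it is sent to a remote API (added example)."""
from __future__ import annotations

import json
import re

# Key names that commonly carry credentials (assumed list; extend for your environment).
SECRET_KEY = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
# Credential fields embedded in connection strings, e.g. "PASSWORD=hunter2".
CONN_SECRET = re.compile(r"(?i)\b(password|pwd)=([^;]*)")
REDACTED = "[REDACTED]"


def sanitize_snapshot(snapshot: dict) -> tuple[dict, int]:
    """Return a redacted copy of the snapshot and the number of values redacted.

    New dicts and lists are built on the way down, so the original is never modified
    and the caller can diff the two or reject the send if the count is unexpected.
    """
    count = 0

    def walk(node):
        nonlocal count
        if isinstance(node, dict):
            out = {}
            for key, value in node.items():
                if SECRET_KEY.search(str(key)):
                    out[key] = REDACTED       # whole value dropped, whatever its type
                    count += 1
                else:
                    out[key] = walk(value)
            return out
        if isinstance(node, list):
            return [walk(item) for item in node]
        if isinstance(node, str):
            scrubbed, n = CONN_SECRET.subn(lambda m: f"{m.group(1)}={REDACTED}", node)
            count += n
            return scrubbed
        return node                           # numbers, booleans, None pass through

    return walk(snapshot), count


# Constructed sample snapshot (not a real project); the shape is assumed.
SAMPLE_SNAPSHOT = {
    "project": "Parcels.aprx",
    "layers": [
        {"name": "parcels",
         "dataSource": "SERVER=db01;DATABASE=gis;USER=gis_ro;PASSWORD=hunter2"},
        {"name": "roads", "dataSource": "C:\\Data\\roads.gdb\\roads"},
    ],
    "portal": {"url": "https://portal.example.org/arcgis",
               "token": "constructed-token-value"},
}

if __name__ == "__main__":
    clean, n = sanitize_snapshot(SAMPLE_SNAPSHOT)
    print(json.dumps(clean, indent=2))
    print(f"{n} value(s) redacted")
```

Key-name matching is deliberately broad (it will also hit a key like "secretary"); for a data-boundary crossing a false redaction costs far less than a leaked credential. Anything the pattern cannot see, such as a password inside free-text notes, still needs a manual look before the snapshot leaves the machine.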
Future dependency versions could change behavior or introduce vulnerabilities in the payment-signing path.
The dependency versions are lower-bounded but not pinned. For a helper that signs payments, dependency provenance and reproducibility matter.
requests>=2.28.0
eth-account>=0.10.0
Pin exact dependency versions and use hashes or a lockfile before using this with real funds.
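A small checker for the state described above, added here as an example (it is not part of the skill or of ClawScan): it reads a requirements file, joins backslash continuations so --hash options stay attached to their requirement, and reports each package as unpinned, pinned without a hash, or fully pinned. The sample requirements text is constructed and the hash in it is a placeholder, not a real digest.

```python
"""Flag unpinned or hash-less requirements before trusting a payment-signing helper (added example)."""
from __future__ import annotations

import re

# name[extras] <operator> <version>; "===" must precede "==" in the alternation.
SPEC = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(===|==|~=|>=|<=|!=|>|<)?\s*([^\s;]*)")


def check_requirements(text: str) -> list[tuple[str, str]]:
    """Return (package, status) per requirement: 'ok', 'pinned-no-hash', 'unpinned' or 'unparsed'."""
    joined = re.sub(r"\\\n\s*", " ", text)        # fold "req==1.0 \\\n  --hash=..." onto one line
    results = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line or line.startswith("-"):      # blank line or pip option such as -r/--index-url
            continue
        m = SPEC.match(line)
        if not m:
            results.append((line, "unparsed"))
            continue
        name, op, version = m.group(1), m.group(2), m.group(3)
        exact = op in ("==", "===") and version and "*" not in version
        if not exact:
            results.append((name, "unpinned"))     # lower bound or wildcard: future releases get in
        elif "--hash=" not in line:
            results.append((name, "pinned-no-hash"))  # exact version, but the artifact is unverified
        else:
            results.append((name, "ok"))
    return results


def unsafe_packages(text: str) -> list[str]:
    """Names that should block use with real funds until they are pinned and hashed."""
    return [name for name, status in check_requirements(text) if status != "ok"]


# Constructed requirements text: the two specs from the audited skill plus two extra lines.
SAMPLE_REQUIREMENTS = """\
# placeholder hash below, not a real digest
requests>=2.28.0
eth-account>=0.10.0
idna==3.7 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
certifi==2024.2.2
"""

if __name__ == "__main__":
    for name, status in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name:12} {status}")
```

Both of the skill's declared dependencies come out as unpinned. Generating the pinned, hashed file with a lockfile tool and installing with hash checking turns every line into "ok", which is the state to require before handing the helper a funded wallet.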
