Skill v2.26.0
ClawScan security
Cannon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 1:54 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documentation and runtime instructions match a Cannon deployment helper, but the manifest omits the sensitive environment variables and runtime concerns the SKILL.md actually requires; treat it as coherent but with notable mismatches you should review before use.
- Guidance: This skill is an instruction-only Cannon CLI/usage reference and appears to be what it says, but pay attention to two things before enabling it: 1) The SKILL.md expects you to use private keys, RPC endpoints, and API keys (CANNON_PRIVATE_KEY, RPC_URL, Etherscan key). The skill manifest does not declare those env vars, which is a transparency gap. Do not give any agent your real private key or unrestricted RPC credentials. Use --dry-run and local chain 13370 or impersonation for testing, or supply ephemeral/test keys. 2) Verify the source before trusting publish/register instructions: the skill's Homepage is missing and Owner ID is opaque. If you plan to allow autonomous invocation, consider disabling autonomous actions for this skill or only enable it for read/analysis tasks; require explicit human confirmation before any deploy/publish commands. If you need to use the skill for deployments, prefer running the Cannon CLI yourself on a machine you control and keep secrets out of the agent environment.
Review Dimensions
- Purpose & Capability (note): The SKILL.md content describes a Cannon package-manager helper for building, testing and publishing Ethereum packages; that purpose matches the name/description. However, the manifest declares no required env vars/binaries while the instructions clearly require Node/pnpm, Foundry, the Cannon CLI and often sensitive values (CANNON_PRIVATE_KEY, RPC URLs, Etherscan API keys). The capability itself is expected for this purpose, but the manifest omits those real requirements.
- Instruction Scope (note): The SKILL.md is instruction-only and stays on-topic (CLI usage, cannonfile syntax, workflows, safety warnings). It explicitly instructs the operator/agent to run commands that can perform irreversible on-chain actions, to use private keys or impersonation, to read/write Cannon state directories, and to request RPC endpoints via stdin if not provided. Those instructions are within scope for a deployment skill, but they involve handling secrets, filesystem state (~/.local/share/cannon) and network endpoints.
- Install Mechanism (ok): No install spec and no code files are executed by the skill itself; this is an instruction-only skill (low installer risk). The README/package.json point to upstream Cannon, but the skill does not download or install code as part of the skill package.
- Credentials (concern): The manifest lists no required environment variables, but the SKILL.md references several sensitive variables (CANNON_PRIVATE_KEY, CANNON_DIRECTORY) and common deployment inputs (RPC_URL, Etherscan API key). Those secrets are proportionate to deployment/publishing functionality, but the manifest should declare them so users know what will be needed and why. The mismatch is a transparency issue and increases risk if an agent is granted autonomous access without the user realizing these secrets are relevant.
- Persistence & Privilege (ok): The skill is not always-enabled, has no install scripts, and does not request persistent platform privileges. It does reference and write to Cannon's own cache directory (~/.local/share/cannon/) when used, which is expected for the tool's function.
