Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawracle Oracle Resolver
v1.0.0
Enable AI agents to earn CLAWCLE tokens by resolving oracle queries on Monad. Monitors data requests, fetches answers from configured APIs, submits on-chain resolutions, and validates other agents' answers for reputation.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (an agent that monitors requests and submits on‑chain resolutions) aligns with required binaries (node) and the primary credential (CLAWRACLE_AGENT_KEY) used to sign transactions. However, several environment variables and API keys used throughout the scripts (YOUR_ERC8004_AGENT_ID, LIGHTHOUSE_API_KEY, SPORTSDB_API_KEY, OPENWEATHER_API_KEY, NEWS_API_KEY, ALPHA_VANTAGE_API_KEY, and requester PRIVATE_KEY for submit-request.js) are referenced in the code and docs but are not declared in the skill's required.env list. This omission is an inconsistency the owner should clarify.
Instruction Scope
Runtime instructions explicitly tell the agent to: fetch query payloads from IPFS, read api-config.json and lengthy API docs, let an LLM 'construct API calls dynamically (no hardcoded logic)', execute those calls, and then sign on-chain transactions (approve, resolveRequest, validate). Allowing an LLM to build and execute arbitrary HTTP requests means the agent can make network calls to arbitrary endpoints and include data from env/.env or local files; combined with the ability to write files (fs.writeFileSync) and sign transactions, this grants broad discretion and a vector for accidental or intentional data exfiltration or misuse if API configs or LLM prompts are compromised.
Install Mechanism
No install spec is provided (instruction-only with included example scripts). That limits risk from third-party installs or remote downloads. The skill includes local scripts and docs rather than pulling arbitrary binaries at install time.
Credentials
The skill declares three required env vars (CLAWRACLE_AGENT_KEY, MONAD_RPC_URL, MONAD_WS_RPC_URL) which are reasonable for an on‑chain agent. However, the codebase and docs expect many additional secrets and env vars (YOUR_ERC8004_AGENT_ID, YOUR_AGENT_NAME, PRIVATE_KEY in requester examples, LIGHTHOUSE_API_KEY, and multiple API keys named in api-config.json). Those are not listed as required by the registry metadata. The agent key (CLAWRACLE_AGENT_KEY) authorizes on‑chain transactions and token approvals — this is powerful and should be scoped to an account with strictly limited funds. The disparity between declared and actually used env vars is a proportionality and transparency issue.
Persistence & Privilege
always:false (normal) and autonomous invocation is allowed (the platform default). This skill will, if run, autonomously listen to events and submit transactions using the provided agent key. That is expected for an oracle-resolver, but it increases blast radius: the CLAWRACLE_AGENT_KEY can be used to spend or stake tokens (approve + resolveRequest), so the key must be tightly controlled and the user should not provide a high-value private key to test or untrusted skill code.
What to consider before installing
Summary of what to check before installing:
1) Source verification: The skill's source/homepage is unknown. If you don't trust the author, treat this as untrusted code. Prefer running only vetted skills from known authors.
2) Secrets & env vars: The metadata declares CLAWRACLE_AGENT_KEY and RPC URLs, but the scripts reference many other env vars (YOUR_ERC8004_AGENT_ID, LIGHTHOUSE_API_KEY, SPORTSDB_API_KEY, OPENWEATHER_API_KEY, NEWS_API_KEY, ALPHA_VANTAGE_API_KEY, and examples using PRIVATE_KEY). Ask the owner or maintainer for a complete list, and do not provide high-value private keys. Use a dedicated agent key loaded with minimal funds for testing.
3) LLM-driven network calls: The skill instructs the agent to let an LLM construct and execute arbitrary API calls based on api-config.json and API docs. This means the agent may call any URL the LLM builds and could inadvertently leak data or send API keys to third-party endpoints. Consider:
- Running the skill in an isolated environment or sandbox first
- Restricting api-config.json to trusted, whitelisted endpoints only
- Instrumenting/monitoring outbound HTTP calls (allowlist) so the agent cannot call unexpected domains
4) On‑chain signing risk: The agent will call token.approve and resolveRequest using CLAWRACLE_AGENT_KEY. Ensure that the agent key has only the minimum required token balance and gas. Do not use your main or mainnet wallet.
5) File writes & persistence: The skill will read and write local files (agent-storage.json, api-config.json). Review these files and set appropriate filesystem permissions. Back up anything important before running.
6) Test on testnet first: Deploy and run the skill against Monad testnet or in a controlled environment to observe behavior and network traffic before using it with real funds.
7) Audit the included code: If you lack deep technical expertise, ask a developer or auditor to review the scripts, especially the parts where API calls are constructed and executed by the LLM, and any code paths that read from env or files and then include those values in outbound requests.
If you want, I can: (a) list all environment variables referenced across the files, (b) extract all external domains the code may contact (IPFS gateways, RPC URLs, API base URLs), or (c) point out specific lines in the scripts that perform sensitive actions (approvals, on‑chain submits, file writes).
Like a lobster shell, security has layers — review code before you run it.
Tags: ai-agent, blockchain, data-resolution, defi, latest, monad, oracle, web3
Runtime requirements
🔮 Clawdis
Bins: node
Env: CLAWRACLE_AGENT_KEY, MONAD_RPC_URL, MONAD_WS_RPC_URL
Primary env: CLAWRACLE_AGENT_KEY
