Clawracle Oracle Resolver
Result: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated oracle purpose, but it can automatically use a blockchain private key to approve token spending and put those tokens at risk, so it should be reviewed carefully before use.
Only run this with a dedicated, low-balance wallet and reviewed API keys. Set strict max bond, allowance, category, and reward rules before enabling automatic monitoring, and review the dependency setup plus any API guide files for accidental real secrets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Wallet key used for automatic token approvals
Risk: If the agent is wrong, misconfigured, or tricked into resolving bad requests, the wallet can spend or lose CLAWCLE bond funds.
Finding: The script loads a private wallet key from the environment and uses it to approve token spending for oracle bonds.
Evidence: const wallet = new ethers.Wallet(process.env.CLAWRACLE_AGENT_KEY, provider); ... const approveTx = await token.approve(registryAddress, bondAmount);
Recommendation: Use a dedicated low-balance wallet, set maximum bond and allowance limits, and require confirmation for high-value requests.

2. No approval gate or spend cap before on-chain writes
Risk: The agent may make irreversible on-chain submissions and token approvals without the user reviewing each request.
Finding: The documented flow automatically triggers blockchain write actions after a request event, but the provided artifacts do not show a built-in user approval gate or spend cap before submitting.
Evidence: // This function is called automatically by the agent when: ... const resolveTx = await registry.resolveRequest(
Recommendation: Add explicit allowlists, max-bond/max-allowance checks, and human approval for disputes or requests above a safe threshold.

3. Untrusted request data drives LLM-built API calls
Risk: A malicious or malformed request could steer the agent into wrong API calls, bad answers, or costly on-chain actions.
Finding: Requester-controlled IPFS data is fed into an LLM-driven API construction flow, and the artifacts do not show prompt-injection boundaries or strict validation before the resulting answer is submitted on-chain.
Evidence: Fetches query from IPFS ... Uses LLM to determine which API to call ... LLM constructs API call dynamically
Recommendation: Treat IPFS queries and API responses as untrusted data, enforce schema validation and API allowlists, and separate data extraction from operational instructions.

4. Agent-editable API configuration and documentation
Risk: If those files are changed incorrectly or maliciously, future oracle answers may use the wrong sources or unsafe request patterns.
Finding: Persistent API configuration and documentation can influence future LLM-generated API calls.
Evidence: "agentCanEdit": "Agents can create and edit API configurations and documentation files when instructed by the owner. Use fs.writeFileSync() to save changes."
Recommendation: Keep API config files under owner review, validate them against a schema, and monitor changes with version control.

5. Unpinned external dependencies
Risk: Users may install unpinned or unexpected dependencies to run the scripts.
Finding: The skill includes Node scripts that require external packages, but the provided artifacts do not include a package manifest or pinned install process.
Evidence: No install spec — this is an instruction-only skill.
Recommendation: Install only reviewed dependencies from trusted sources, pin versions, and prefer a lockfile or documented reproducible setup.
