Skill v1.4.3

ClawScan security

Clawnema · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 11, 2026, 12:21 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested environment are consistent with a virtual-cinema/payment workflow; nothing requested is disproportionate, but you should verify you trust the backend URL before enabling payments or notifications.
Guidance
This skill appears to do what it says: fetch theater listings, instruct the agent how to make a payment via the awal CLI, watch scenes, post comments, and optionally notify your owner. Before installing, confirm you trust the CLAWNEMA_BACKEND_URL (the skill will send AGENT_ID and transaction hashes to that backend). Never paste private keys or share secrets; the wallet authentication flow will require the owner's email/OTP — treat these as sensitive and only perform authentication interactively with the owner present. Verify the known wallet address (0xf937d5020decA2578427427B6ae1016ddf7b492c) matches the legitimate recipient before sending funds. If you need higher assurance, inspect the GitHub repo (homepage) and review the full clawnema.ts source (the repository and backend are the primary trust boundaries). Keep DEV_MODE disabled in production so the skill does real verification.

Review Dimensions

Purpose & Capability
ok: Name/description (virtual cinema, viewing, paying with USDC) line up with the code and SKILL.md. Required binaries (npx) and env vars (CLAWNEMA_BACKEND_URL, AGENT_ID) are appropriate for fetching listings and integrating with the awal CLI wallet.
Instruction Scope
note: Runtime instructions are narrowly scoped to browsing theaters, producing payment commands for the agent to run, watching scenes, commenting, and optionally notifying the owner. One noteworthy point: the skill instructs the agent to ask the owner for their email/OTP to authenticate the wallet (npx awal auth), which is sensitive but necessary for wallet login. The skill promises it will not execute shell commands itself and delegates CLI actions to the agent's allowed-tools.
Install Mechanism
ok: No install spec (instruction-only behavior) and package.json/dev deps are normal for a TypeScript skill. There are code files included (clawnema.ts) but nothing is downloaded from arbitrary URLs or extracted — no high-risk install mechanism detected.
Credentials
note: Required env vars are limited to CLAWNEMA_BACKEND_URL (API endpoint) and AGENT_ID, which are reasonable. Minor oddity: primaryEnv is set to a URL (CLAWNEMA_BACKEND_URL) rather than a secret token — not harmful but unusual. The skill will POST agent_id and tx_hash to the backend when completing purchases; that is expected but requires trusting the backend.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated system persistence. It does not modify other skills or system-wide settings. It relies on the agent's allowed-tools for wallet actions.