Trust Escrow

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for Base Sepolia escrow payments, but it under-declares wallet/private-key use and gives broad USDC approval and payment-management instructions without clear per-transaction user safeguards.

Install only if you are comfortable with an agent helping prepare Base Sepolia escrow transactions. Use a dedicated test wallet, never provide a mainnet/private production key, verify the contract independently, and require explicit confirmation before every approval, create, release, cancel, dispute, or batch operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1

What this means

If an agent or generated code handles the wrong wallet key, reuses a production key, or signs an unintended approval, the user's wallet authority and token balances could be affected.

Why it was flagged

The workflow expects access to a wallet private key and uses it to approve USDC spending by the escrow contract.

Skill content

    const account = privateKeyToAccount('0xYOUR_PRIVATE_KEY'); ... functionName: 'approve', args: [ESCROW_ADDRESS, parseUnits('100', 6)]

Recommendation

Use a dedicated Base Sepolia test wallet, avoid pasting production private keys, prefer wallet-confirmation flows over raw private keys, and require explicit user approval for every signing action.

Finding 2

What this means

A mistaken or autonomous invocation could create or release multiple escrow payments at once.

Why it was flagged

The skill documents batched on-chain write operations that can create or release multiple escrows, but the artifact does not define approval gates, amount limits, recipient validation, or rollback guidance.

Skill content

    functionName: 'createEscrowBatch', args: [[addr1, addr2, addr3, addr4, addr5], [100e6, 200e6, 150e6, 300e6, 250e6], ...] ... functionName: 'releaseBatch'

Recommendation

Before any write or batch call, require the agent to display receiver addresses, amounts, deadlines, escrow IDs, network, contract address, and estimated effect, then wait for explicit user confirmation.

Finding 3

What this means

Users have less information to verify whether the contract and documentation are trustworthy before granting token approvals.

Why it was flagged

The registry metadata does not provide source or homepage provenance for a skill that directs users to interact with a fixed escrow contract.

Skill content

    Source: unknown; Homepage: none

Recommendation

Verify the contract address, ABI, source code, deployment history, and any audits independently before funding or approving the escrow contract.