Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Audit
v1.0.0The Supreme Verifier for the Synthetic Economy. Autonomous inspection of code, contracts, and capital flows. Ensuring truth in an era of infinite generation.
⭐ 0· 495·10 current·13 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description claim institutional-grade audits (on-chain/off-chain reconciliation, signing proofs, smart-contract security), but the skill declares no binaries, no environment variables, no config paths, and no install steps. Realizing these capabilities would normally require network access, blockchain node/API keys, signing keys, and specialized tooling — none of which are specified.
Instruction Scope
SKILL.md is conceptual: it defines audit domains and three high-level protocol steps (evidence collection, discrepancy analysis, certification) but contains no concrete runtime instructions, endpoints, or limits. The language is broad and open-ended, which gives an agent wide discretion to access data sources or request credentials without constraints.
Install Mechanism
No install spec and no code files are present, which minimizes immediate disk/execution risk. This is consistent with an instruction-only skill, but also means there is nothing to verify about implementation or provenance.
Credentials
The described functionality implies the need for sensitive credentials (blockchain keys, API tokens, private signing keys) and access to external services, yet the skill requests none. That mismatch is suspicious: either the skill is incomplete/documentation-only, or it expects the agent to acquire or ask for secrets at runtime without declaring them.
Persistence & Privilege
The skill is not marked 'always' and uses the platform default for autonomous invocation. That alone is not a problem, but combined with the vague, high-privilege-sounding description it means an agent could be instructed to perform broad actions if allowed — ask the author how autonomous runs should be constrained.
What to consider before installing
This skill reads like a high-level manifesto rather than an implementable tool. Before installing or enabling it: ask the author for concrete runtime details (what APIs/nodes it needs, what binaries or libraries it expects, how proofs are signed and where private keys are stored), demand provenance or source code (who wrote it, where is the repo), and never supply private keys or system credentials until you understand exactly how they will be used and stored. Because the SKILL.md is intentionally vague, treat it as incomplete: install only if the author provides a clear security model and minimal, specific requirements that match the claimed capabilities.Like a lobster shell, security has layers — review code before you run it.
auditvk972xds018zhkfzmky9brf54xn82gd4qcompliancevk972xds018zhkfzmky9brf54xn82gd4qfinancevk972xds018zhkfzmky9brf54xn82gd4qlatestvk972xds018zhkfzmky9brf54xn82gd4qtrustvk972xds018zhkfzmky9brf54xn82gd4qverificationvk972xds018zhkfzmky9brf54xn82gd4q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.