Skill v1.0.1

ClawScan security

Chitin Cert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 24, 2026, 11:27 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions align with its stated purpose (issuing/verifying on-chain certificates); it is an instruction-only integration with no installs or unrelated credential requests, but you should protect your wallet signing keys and any returned API key.
Guidance
This skill appears to do what it says: register issuers, mint and verify soulbound certs on Base L2, and store metadata on Arweave. Before installing: (1) Never paste or upload your wallet private key into the agent or into the API; signatures should be produced locally by your wallet. (2) Treat the returned API key (ck_...) as a high-privilege secret: it grants issuance power for the issuerId, so store it in a secure secret store and rotate or revoke it if it is ever exposed. (3) If you give the agent access to a signing provider or a stored API key, it can mint certs autonomously; grant that only if you trust the agent's behavior. (4) Review any webhook endpoints you register, since they will receive cert events and metadata. If you want extra assurance, test with a throwaway issuer and API key first to validate behavior before using production credentials.
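Points (1) and (2) of the guidance are boundary rules: the wallet private key must never cross into the agent or the API, and the ck_ key must come from a secret store rather than from chat text or logs. The Python below is an added example of enforcing both at the agent boundary; it is not ClawHub's or Chitin's code. The secret shapes are assumptions (a secp256k1 private key is 32 bytes, usually pasted as 64 hex characters with or without 0x; the page shows the API key only as ck_..., so its tail is assumed to be URL-safe characters), and the CHITIN_API_KEY variable name is invented for illustration.

```python
"""Boundary guard for the two secrets the scan report singles out."""
import re
from dataclasses import dataclass
from typing import Mapping

# Assumed shapes (not from the Chitin Cert docs): 64 hex chars with optional 0x for a
# private key; "ck_" plus a run of URL-safe characters for the API key.
PRIVATE_KEY_RE = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
API_KEY_RE = re.compile(r"\bck_[A-Za-z0-9_-]{16,}\b")


@dataclass(frozen=True)
class Finding:
    kind: str   # "private_key" or "api_key"
    start: int
    end: int


class SecretLeak(Exception):
    """Raised when text bound for the agent or the API contains a secret."""


def scan_secrets(text: str) -> list[Finding]:
    """Locate private keys and ck_ API keys; a 20-byte address (0x + 40 hex) is public and is not flagged."""
    found = [Finding("private_key", m.start(), m.end()) for m in PRIVATE_KEY_RE.finditer(text)]
    found += [Finding("api_key", m.start(), m.end()) for m in API_KEY_RE.finditer(text)]
    return sorted(found, key=lambda f: f.start)


def redact(text: str) -> str:
    """Replace every finding with a marker, working from the end so offsets stay valid."""
    out = text
    for f in reversed(scan_secrets(text)):
        out = out[:f.start] + f"[REDACTED {f.kind}]" + out[f.end:]
    return out


def enforce_outbound(text: str) -> str:
    """Refuse to forward text that carries a secret.

    A 64-hex string can also be a transaction hash or keccak digest, so treat a hit
    as "stop and ask the human", not as proof of a leak.
    """
    findings = scan_secrets(text)
    if findings:
        raise SecretLeak("refusing to send: " + ", ".join(f.kind for f in findings))
    return text


def load_api_key(env: Mapping[str, str], var: str = "CHITIN_API_KEY") -> str:
    """Read the ck_ key from the process environment (populated by a secret store),
    validate its shape, and return it without logging it. `var` is an assumed name."""
    key = env.get(var, "").strip()
    if not key:
        raise KeyError(f"{var} is not set; inject it from a secret store, never paste it into chat")
    if not API_KEY_RE.fullmatch(key):
        raise ValueError(f"{var} does not look like a ck_ API key")
    return key


def display(key: str) -> str:
    """Log-safe form of a ck_ key: prefix plus the last four characters."""
    return key[:3] + "..." + key[-4:]


if __name__ == "__main__":
    # Constructed sample: a public address, a fake private key, a fake ck_ key.
    sample = "addr 0x" + "b" * 40 + " key 0x" + "a" * 64 + " token ck_" + "x" * 24
    print(redact(sample))
    try:
        enforce_outbound(sample)
    except SecretLeak as exc:
        print(exc)
    print(display(load_api_key({"CHITIN_API_KEY": "ck_" + "y" * 20})))
```

Wire enforce_outbound in front of whatever hands user text to the agent and whatever the agent hands to the API, and give the agent only display(key) for its own logs; the real key should be read by the HTTP client at call time and nowhere else.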

Review Dimensions

Purpose & Capability
ok
Name/description (issue and verify certs on Base L2) match the runtime instructions and documented API. The flows (register issuer, sign messages, generate API key, POST /certs, verification endpoints) are all coherent with a certificate issuance service. No unrelated services, binaries, or credentials are requested.
Instruction Scope
note
SKILL.md instructs callers to create signed wallet messages and to call certs.chitin.id endpoints with an API key. The doc explicitly warns not to share private keys. It does not instruct reading arbitrary local files or env vars. Important caveat: the flow requires a signing-capable wallet or signing provider. If an agent instance has access to a wallet (or you provide a private key to the agent), the agent could perform issuer registration and certificate issuance autonomously. Keep signing operations local to a trusted wallet.
Install Mechanism
ok
No install spec and no code files to execute: this is an instruction-only skill. That minimizes installation risk (nothing is downloaded or written to disk by the skill).
Credentials
ok
The skill declares no required environment variables or credentials. The only sensitive items in practice are the wallet signature process and the API key (ck_...). Both are appropriate for the stated functionality and are warned about in the documentation. There are no unrelated credential requests.
Persistence & Privilege
note
always:false (normal). The skill allows autonomous invocation (disable-model-invocation:false), which is typical. Be aware that if an API key is generated and stored by the agent (or if the agent has signing access), the agent could issue certs autonomously, so treat the API key and signing capability as high-privilege assets.
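The Install Mechanism, Credentials, and Persistence & Privilege findings above all come from the skill's SKILL.md frontmatter, and they are worth re-deriving locally before trusting a model-generated verdict. The Python below is an added example of that check; it is not ClawHub's scanner or Chitin's code. It assumes SKILL.md opens with YAML-style frontmatter between `---` lines, uses the `always` and `disable-model-invocation` field names the report shows, and assumes `install` and `env` as the names for an install spec and required environment variables (confirm those two against the real ClawHub schema). The sample frontmatter is constructed to resemble this skill, not copied from it.

```python
"""Re-derive the install, credential and privilege dimensions from SKILL.md frontmatter."""
from __future__ import annotations


def _scalar(value: str) -> object:
    low = value.lower()
    if low in ("true", "false"):
        return low == "true"
    return value.strip("\"'")


def parse_frontmatter(text: str) -> dict[str, object]:
    """Minimal frontmatter reader: 'key: value' scalars and 'key:' followed by '- item' lists."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}
    fm: dict[str, object] = {}
    current_list: list[str] | None = None
    for line in lines[1:]:
        stripped = line.strip()
        if stripped == "---":
            break
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("- ") and current_list is not None:
            current_list.append(stripped[2:].strip())
            continue
        key, sep, value = stripped.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if value == "":
            current_list = []
            fm[key] = current_list
        else:
            current_list = None
            fm[key] = _scalar(value)
    return fm


def review(fm: dict[str, object]) -> dict[str, tuple[str, str]]:
    """Map frontmatter to (status, reason) per dimension; statuses are ok, note, warn."""
    out: dict[str, tuple[str, str]] = {}

    install = fm.get("install")          # assumed field name
    if install:
        out["install_mechanism"] = ("warn", f"install spec present: {install!r}; review what it downloads or executes")
    else:
        out["install_mechanism"] = ("ok", "instruction-only: no install spec")

    env = fm.get("env")                  # assumed field name
    if env:
        out["credentials"] = ("warn", f"declares required env vars {env!r}; confirm each is needed for the stated purpose")
    else:
        out["credentials"] = ("ok", "no required env vars declared")

    always = bool(fm.get("always", False))
    model_may_invoke = not bool(fm.get("disable-model-invocation", False))
    if always:
        out["persistence_privilege"] = ("warn", "always:true; skill is loaded into every session")
    elif model_may_invoke:
        out["persistence_privilege"] = ("note", "always:false; model may invoke it autonomously (disable-model-invocation:false)")
    else:
        out["persistence_privilege"] = ("ok", "always:false and model invocation disabled; runs only on user request")
    return out


# Constructed sample resembling this skill's declared behavior (not the real SKILL.md).
CHITIN_LIKE = """---
name: chitin-cert
description: Issue and verify soulbound certificates on Base L2
always: false
disable-model-invocation: false
---
# Chitin Cert
Register an issuer, sign the challenge with your wallet, then POST /certs with your ck_ key.
"""

if __name__ == "__main__":
    for dim, (status, reason) in review(parse_frontmatter(CHITIN_LIKE)).items():
        print(f"{dim}: {status} - {reason}")
```

Run it against the skill's actual SKILL.md and compare each status with the report; a mismatch on install_mechanism or credentials means either the schema assumption above is wrong or the scanner missed something, and both are worth knowing before you hand the skill a signing provider.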