Skill v1.2.3
ClawScan security
Chitin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 13, 2026, 8:52 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (on‑chain AI agent identity) matches its instructions and artifact set; it is an instruction-only integration that asks an agent to construct hashes, call chitin.id APIs, and coordinate owner wallet signatures — all coherent with registering an identity on Chitin.
- Guidance: This skill appears internally consistent for the purpose of registering/verifying an AI agent on Chitin, but it interacts with sensitive assets (owner wallet signatures, API keys, and portions of your system prompt). Before using it:
  1. Verify the domain and TLS (https://chitin.id) and check contract addresses on-chain yourself.
  2. Do not provide your private key to any service — sign EIP‑712 payloads only after inspecting the exact message and using a wallet you control; consider a dedicated agent wallet with limited funds/permissions.
  3. Be aware that any fields you mark as public (publicFields) become permanently archived/on‑chain and may be discoverable — redact anything you want to keep secret.
  4. Prefer 'review' registration mode so an operator can approve the final submission and signature.
  5. Rotate API keys if compromised and do not approve unsolicited signature requests.
  6. The skill cannot enforce in-memory deletion promises — treat the system prompt as sensitive and avoid automatically publishing full prompts.
  If you need higher assurance, review the Chitin contracts and server code (if available) or perform registration on a testnet first.
Review Dimensions
- Purpose & Capability (ok): Name/description, skill.json, SKILL.md and ancillary files consistently describe an on‑chain identity protocol (ERC-8004 + SBT + DID + Merkle selective disclosure). No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope (note): Runtime instructions ask the agent to (a) normalise and hash its system prompt to build a CCSF/Merkle root, (b) call chitin.id APIs (register, verify, chronicle, disclose, binding), and (c) coordinate owner EIP‑712 signatures or API keys for writes. This is expected for registration, but it means parts of the prompt can be selected as 'publicFields' and permanently archived (Arweave/on‑chain). The SKILL.md repeatedly warns not to send private keys elsewhere, but the agent/operator must follow that guidance — the skill cannot enforce deletion of prompt material after hashing.
- Install Mechanism (ok): Instruction-only skill with no install spec, no downloaded code, and no third‑party install URLs. This is the lowest-risk install vector and matches the skill's documentation files.
- Credentials (note): The skill requests no environment variables or binaries at packaging time. At runtime it legitimately expects owner-provided credentials: an owner wallet for EIP‑712 signatures and (optionally) a Chitin API key issued at registration. These are proportionate to on‑chain writes and chronicle actions, but they are sensitive — owners should sign only after verifying the exact EIP‑712 payload and should not reuse high‑value keys.
- Persistence & Privilege (ok): No 'always: true' privilege, model invocation is allowed (normal), and the skill does not request modifications to other skills or system-wide settings. It only directs interactions with chitin.id endpoints and instructs the agent to inform the owner of updates.
