Skill v1.0.5
ClawScan security
Element NFT Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 6:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, required environment variables, and runtime instructions are consistent with a wallet-backed NFT trading tool for Element; the private-key requirement is sensitive but proportionate to the stated purpose.
- Guidance: This skill appears to do exactly what it says: use the Element API and a locally configured wallet private key to create/buy/accept/cancel orders. Before installing:
  1. Use a dedicated low-value wallet for testing and never reuse a primary funds wallet.
  2. Understand that the skill requires placing your private key in the environment; consider safer signing options (hardware wallet or a provider/connection flow) if available.
  3. Keep autonomous invocation governed by policies you control; although the skill enforces confirmed:true for state changes, verify your agent's settings so the skill cannot run unintentionally.
  4. Review the shipped scripts/lib/entry.js and any code that constructs providers (to confirm no unexpected network endpoints or telemetry).
  5. Rotate the private key if you stop using the skill or suspect leakage.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested resources: ELEMENT_API_KEY for the Element API and ELEMENT_WALLET_PRIVATE_KEY to sign on-chain transactions locally. Required binaries (node, jq) and shipped prebuilt JS are consistent with the declared trading functionality.
- Instruction Scope (ok): SKILL.md limits operations to trading-related flows, documents required env vars, and enforces confirmation rules for state-changing actions. It does not instruct the agent to read unrelated system files or to exfiltrate secrets in chat; examples run the included entry.js.
- Install Mechanism (ok): No network install is required; the skill ships prebuilt JavaScript under scripts/lib/, so nothing is downloaded at install time. This is lower risk than remote downloads or run-time fetches.
- Credentials (note): Only two env vars are required (ELEMENT_API_KEY and ELEMENT_WALLET_PRIVATE_KEY), which is appropriate for an on-chain trading tool. The wallet private key is highly sensitive: the skill expects it in environment variables and will use it to sign transactions locally. The primaryEnv being ELEMENT_API_KEY is reasonable but does not reduce the sensitivity of the private key.
- Persistence & Privilege (note): always:false and default autonomous invocation settings are normal. The runtime enforces confirmed:true for any state-changing operation, reducing risk from automated execution. Nonetheless, granting any skill access to a private key increases blast radius if misused; verify invocation policies and require explicit confirmations before use.
