zeruai
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like the advertised Zeru blockchain tool, but it needs review because it can use a raw wallet private key to spend ETH and make permanent on-chain changes.
Install only if you intend to let this skill sign Zeru registry transactions. Use a dedicated low-balance wallet, test on Base Sepolia first, review every register/set-metadata/unset-wallet action, and remember that agent metadata and registrations may become public and persistent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured key is a main wallet or holds significant funds, misuse or compromise of the agent environment could expose assets and signing authority.
The skill loads a raw wallet private key from the environment and creates an ethers Wallet signer. That key can authorize transactions for the whole wallet, not only this registry.
```js
const pk = process.env.PRIVATE_KEY;
...
const signer = new Wallet(pk, provider);
```
Use only a dedicated low-balance wallet for this skill, prefer Base Sepolia for testing, and avoid reusing a personal or treasury private key.
An unintended invocation can spend ETH for fees/gas and create permanent public on-chain records on Base Mainnet by default.
The registration command displays the fee and then proceeds to create the URI and broadcast the on-chain registration transaction; the provided code does not show an explicit confirmation step before sending.
```js
console.log(` Fee: ${formatEther(fee)} ETH`);
...
const { agentId, txHash } = await registerAgent(config, { signer, agentURI });
```
Require explicit user confirmation before every write transaction, show chain/contract/fee/agent metadata, and consider defaulting examples to Base Sepolia or adding a dry-run mode.
Reading an untrusted agent could make the local environment contact arbitrary web or local-network URLs.
Reading an agent automatically fetches the tokenURI URL from on-chain data. That is useful for metadata, but the URL may be controlled by a third party and is not restricted to HTTPS or a known host.
```js
if (agentURI && agentURI.startsWith("http")) {
  ...
  const res = await fetch(agentURI);
  ...
  result.parsedJson = (await res.json());
}
```
Fetch external metadata only with user awareness, restrict to safe public HTTPS URLs where possible, and avoid reading unknown agent IDs in sensitive network environments.
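One way to implement the recommendation above, as an added JavaScript example that is not part of the skill or of ClawScan's report. isSafeMetadataUrl and fetchAgentMetadata are hypothetical helper names; the page shows only the fetch(agentURI) call they would wrap.

```javascript
// Added example (not the skill's own code): a guard for the tokenURI fetch in the
// "read agent" path so only public HTTPS hosts are contacted. isSafeMetadataUrl and
// fetchAgentMetadata are hypothetical names; the page shows only fetch(agentURI).

// IPv4 literal in a loopback, private, link-local, CGNAT or unspecified range.
// Node's URL parser normalizes hex/decimal forms (0x7f000001, 2130706433) to
// dotted decimal first, so this regex sees the canonical address.
function isBlockedIpv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||  // 100.64.0.0/10
    (a === 169 && b === 254) ||            // 169.254.0.0/16, incl. cloud metadata endpoints
    (a === 172 && b >= 16 && b <= 31) ||   // 172.16.0.0/12
    (a === 192 && b === 168);              // 192.168.0.0/16
}

// True only for an https URL naming a public-looking DNS host or public IPv4 literal.
function isSafeMetadataUrl(agentURI) {
  let url;
  try { url = new URL(agentURI); } catch { return false; }
  if (url.protocol !== "https:") return false;      // startsWith("http") also admits http://
  if (url.username || url.password) return false;   // no credentials smuggled in the URL
  const host = url.hostname;
  if (host.startsWith("[")) return false;           // reject every IPv6 literal (incl. ::ffff: mapped)
  if (isBlockedIpv4(host)) return false;
  if (!host.includes(".") || host === "localhost" ||
      /\.(localhost|local|internal)$/.test(host)) return false; // bare or intranet names
  return true;
}

// Wraps the skill's fetch: refuses unsafe URLs, bounds time and size, and does not
// follow redirects (a redirect could point the client at an internal host).
async function fetchAgentMetadata(agentURI, { maxBytes = 1_000_000, timeoutMs = 10_000 } = {}) {
  if (!isSafeMetadataUrl(agentURI)) throw new Error(`refusing to fetch tokenURI: ${agentURI}`);
  const res = await fetch(agentURI, { redirect: "error", signal: AbortSignal.timeout(timeoutMs) });
  if (!res.ok) throw new Error(`metadata fetch failed: HTTP ${res.status}`);
  const body = await res.text();
  if (body.length > maxBytes) throw new Error("metadata too large");
  return JSON.parse(body);
}
```

A DNS name that passes this filter can still resolve to a private address, so treat the check as a first gate; resolving and re-checking the address, or routing metadata fetches through an egress proxy, is the stronger control.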
Dependency or registry compromise could affect the code that handles wallet signing.
The skill asks users to install npm dependencies. This is expected for a Node-based blockchain CLI, but it relies on external package resolution at install time.
Run once to install dependencies:
```bash
cd {baseDir} && npm install
```
Install from a trusted copy, review/audit dependencies, and prefer a lockfile or reproducible installation before configuring a funded private key.
