Back to skill
Skillv1.0.3
ClawScan security
zscore · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions match its stated purpose (registering/managing Zeru ERC‑8004 agents) and the requested resources (node, npx, PRIVATE_KEY) are proportionate, but the user must understand the risks of supplying a private key and posting registration metadata to external APIs.
- Guidance
- This skill appears to do exactly what it claims (register and manage Zeru ERC‑8004 agents). Before installing or enabling it: 1) Understand that you must provide a PRIVATE_KEY environment variable for write actions — that key can sign transactions and move funds, so only use a wallet/key you control and are willing to use for this purpose (consider a separate low‑value key). 2) Registration JSON and signed headers are sent to external endpoints (agenturi.zpass.ai / agentapi.zpass.ai); do not include any secrets or private data in the agent JSON. 3) Review the included scripts locally (they are provided) before running npm install / npx tsx to confirm there are no modifications you’re uncomfortable with. If you need a higher assurance review, ask for a line-by-line audit of the scripts or run them in an isolated environment with a throwaway key.
- Findings
[pre-scan] expected: No regex-based injection signals were detected. The lack of findings is unsurprising for well-structured SDK code that performs network calls and signing.
Review Dimensions
- Purpose & Capability
- okThe name/description say it will register agents, manage wallets/metadata and read on‑chain state — the code implements those operations (createAgentURI, registerAgent, setMetadata, getAgent, etc.). Required binaries (node, npx) and the PRIVATE_KEY env var are expected for signing transactions and running the provided TypeScript CLI.
- Instruction Scope
- noteSKILL.md instructs running npm install and npx tsx on the included scripts; the CLI reads user-supplied JSON files, signs requests, posts agent registration JSON to agentUriApiBase and agentapi.zpass.ai, and performs on‑chain reads/writes. These behaviors are consistent with the stated purpose, but the skill will transmit the agent registration JSON (and signed authentication headers) to external services, so users should avoid putting secrets in the registration JSON.
- Install Mechanism
- okThere is no automatic download-from-arbitrary-URL install step. The package.json lists reasonable npm dependencies (ethers, zod, canonicalize, tsx). The SKILL.md requires the operator to run npm install manually — no untrusted archive downloads or obscure URLs in installation.
- Credentials
- noteOnly PRIVATE_KEY is required for write operations (with optional RPC_URL and CHAIN_ID overrides). That is proportionate to signing on‑chain transactions, but a PRIVATE_KEY is highly sensitive: supplying it grants the skill the ability to sign transactions and move funds from that account. The SKILL.md and code do not request unrelated secrets or other service API keys.
- Persistence & Privilege
- okThe skill is not set to always: true and does not modify other skills or system settings. It runs as a normal, user-invoked CLI and does not request elevated platform persistence.