ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

On-Chain Skill Audit

v0.1.1

On-chain skill provenance registry. Check, register, audit, and vouch for agent skills on Solana. Use when evaluating skill safety, registering new skills, or looking up provenance before installation.

0· 1.4k·2 current·2 all-time
byRocket@emanz1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for emanz1/onchain-skill-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "On-Chain Skill Audit" (emanz1/onchain-skill-audit) from ClawHub.
Skill page: https://clawhub.ai/emanz1/onchain-skill-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install emanz1/onchain-skill-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install onchain-skill-audit
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be an on‑chain provenance/audit registry on Solana, and the SKILL.md describes read/write operations to on‑chain tables and hashing of skill.md content — this is coherent with the stated purpose. However, the instructions reference npm packages (@rocketlabs/skill-audit, @iqlabs-official/solana-sdk, @solana/web3.js) and require a Solana signer/wallet and IQ token holdings for certain writes; none of these dependencies or credentials are declared in the skill metadata. That mismatch should be clarified.
!
Instruction Scope
Runtime instructions tell the agent to read arbitrary local files (register-skill <path> reads skill.md at the given path) and to optionally 'inscribe full report via codeIn' (which would publish full content on-chain/publicly). They also reference running an external tool (ZeroLeaks) without specifying where it runs or what it sends. Reading arbitrary user filesystem paths and publicly inscribing content are both high‑sensitivity actions that the skill does not explicitly disclose or restrict.
Install Mechanism
There is no install spec (instruction-only), which limits what gets written to disk by the skill itself — a low‑risk model. However, the SKILL.md depends on specific npm packages and a Buffer monkey‑patch; because no install steps are provided, the agent/user must already have these packages and environment patches present. That implicit dependency should be declared or an install mechanism provided.
!
Credentials
The skill metadata declares no required environment variables or credentials, but the instructions clearly require a Solana connection plus a signer/wallet (and IQ token holdings) to perform register/audit/vouch writes. This is a substantive mismatch: writes will require signing capability and potentially access to a wallet/private key. The skill should explicitly declare what credentials it needs and how signing is performed, because signing transactions can publish private data or spend SOL/tokens.
Persistence & Privilege
The skill is not flagged as always:true and doesn't request persistent agent privileges. It is user‑invocable and can be run autonomously (default), but that is normal; nothing in the metadata indicates it will modify other skills or system settings.
What to consider before installing
Before installing or running this skill, consider the following: (1) it will read local skill.md files you point it at and can publish full reports on-chain — do not register or inscribe content you don’t want public; (2) the SKILL.md expects npm packages and a Solana signer/IQ token but the skill metadata does not declare them — confirm how the agent will obtain signing capability (never supply private keys unless you understand and trust the process); (3) ask the publisher for an explicit install guide and a privacy statement about what gets inscribed to chain and where ZeroLeaks/codeIn upload data; (4) verify the referenced program ID and npm package names independently (typosquatting is possible); (5) if you only want to read registry data, prefer read-only operations and avoid giving signer access or running inscription steps.

Like a lobster shell, security has layers — review code before you run it.

agent-safetyvk975ac73d9a2sdr4wvdnngw78x80vzp2auditvk975ac73d9a2sdr4wvdnngw78x80vzp2latestvk97855gk1g07a260xr6ype4a1h80tv87provenancevk975ac73d9a2sdr4wvdnngw78x80vzp2securityvk975ac73d9a2sdr4wvdnngw78x80vzp2solanavk975ac73d9a2sdr4wvdnngw78x80vzp2
1.4kdownloads
0stars
2versions
Updated 17h ago
v0.1.1
MIT-0
Rocket@emanz1
agent-safetyauditlatestprovenancesecuritysolana
Download

Skill Audit — On-Chain Provenance Registry

Commands

/check-skill <name>

Look up on-chain provenance for a skill before installing.

  1. Read all three tables (registry, audits, vouches) for the given skill ID
  2. Compute trust level from audit verdicts
  3. Display: trust badge, author, hash, version, audit history, vouch count

/audit-skill <name> <severity>

Submit an audit verdict (requires IQ tokens in wallet). Severities: S (secure), L (low), M (medium), H (high), C (critical) Optionally run ZeroLeaks first and inscribe full report via codeIn.

/vouch-skill <name> [score]

Community endorsement. Score 1-5 (default 5).

/register-skill <path>

Register a local skill with on-chain hash.

  1. Read skill.md at given path
  2. Normalize and SHA-256 hash the content
  3. Write registration row with short hash (first 8 hex chars)

Trust Badges

  • MALICIOUS: BLOCK installation, warn user
  • FLAGGED: Strong warning
  • CAUTIONED: Mild warning
  • VERIFIED: Green checkmark
  • AUDITED: Has audits but not yet verified secure
  • REGISTERED: In registry, no audits yet
  • UNKNOWN: Not in registry — warn "no on-chain provenance"
  • Hash mismatch: Warn "content differs from registered version"

Implementation

Package: @rocketlabs/skill-audit

const { checkSkill, registerSkill, auditSkill, vouchForSkill, hashSkill } = require('@rocketlabs/skill-audit');

checkSkill({ connection, skillId, rpcUrl })

Returns: { trustLevel, skill, audits, vouches, summary } Free (RPC read only, no SOL needed).

registerSkill({ connection, signer, skillId, author, shortHash, version, codeInTx, rpcUrl })

Writes to skill_registry table. Public — anyone can register.

auditSkill({ connection, signer, skillId, auditor, severity, categories, codeInTx, rpcUrl })

Writes to skill_audits table. IQ-token-gated — signer must hold IQ tokens. Severity: S/L/M/H/C. Categories: dir,enc,per,soc,tec,cre,mny,cot,pol,asc,ctx,sem,too,sir,ech

vouchForSkill({ connection, signer, skillId, voucher, score, rpcUrl })

Writes to skill_vouches table. Public — anyone can vouch. Score 1-5.

hashSkill(content)

Returns: { fullHash, shortHash } — SHA-256 of normalized content.

On-Chain Architecture

  • Program: 9KLLchQVJpGkw4jPuUmnvqESdR7mtNCYr3qS4iQLabs
  • DB Root ID: skill-audit
  • Tables: skill_registry (public), skill_audits (IQ-gated), skill_vouches (public)
  • Row limit: ~100 bytes. Full data via codeIn inscriptions.
  • Reads are free. Only writes cost SOL.
  • Append-only. No in-place updates. Version counter for re-registration.

Prerequisites

  • @iqlabs-official/solana-sdk v0.1.1+ (CommonJS required)
  • @solana/web3.js v1.x
  • Solana wallet for writes
  • IQ tokens for audit writes (token mint: 3uXACfojUrya7VH51jVC1DCHq3uzK4A7g469Q954LABS)
  • Buffer monkey-patch applied (handled automatically by the package)

Comments

Loading comments...