Skill v0.1.0
ClawScan security
Xian Node · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:21 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are consistent with its stated purpose (deploying and managing Xian blockchain nodes); nothing in the bundle requests unrelated credentials or contains clandestine network exfiltration.
- Guidance: This skill appears coherent for running Xian nodes, but take normal operational precautions before using it: 1) Verify the upstream xian-stack repository and the seed-node IP (the skill references a specific IP) so you aren't pointed to an untrusted peer. 2) Avoid pasting validator private keys directly into shell commands (use stdin, a protected file, or an interactive prompt) to prevent leakage in shell history or process lists. 3) Inspect the Docker images and any cloned repository before running them, and run builds in an isolated environment if possible. 4) Use the included scripts locally only — generate keys offline and keep private keys secret. If you want higher assurance, confirm the skill's author/source or compare these instructions to the official Xian docs/repository first.
Review Dimensions
- Purpose & Capability
- Status: ok. Name/description (Xian node management) aligns with included content: SKILL.md contains build/run/config instructions and the two helper Python scripts match expected tooling (key generation, RPC status). No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope
- Status: note. Instructions stay within node setup/management scope. Minor concerns: SKILL.md shows example commands that embed a validator private key on the command line (risk of leaking to shell history or logs) and includes a hard-coded seed-node IP address — both are operational details users should verify before use.
- Install Mechanism
- Status: ok. No install spec — instruction-only plus two small scripts. This minimizes persistent install risk; scripts are simple and local-only (no remote downloads or extract steps).
- Credentials
- Status: ok. Skill requests no environment variables or credentials. The generate_validator_key script intentionally prints private keys for validator use; the skill does not attempt to collect or transmit secrets.
- Persistence & Privilege
- Status: ok. Skill does not request always-on or elevated privileges. It is user-invocable only and contains no code that modifies other skills or system-wide agent settings.
