Skill v1.0.0

ClawScan security

8004 Harness For Monad · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 13, 2026, 3:53 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (minting and managing ERC-8004 identity NFTs) but the package metadata and installation descriptors are inconsistent with the code and required secrets — and the skill asks for highly sensitive credentials (a private key and Pinata JWT) that must be handled carefully.
Guidance
This skill appears to implement the ERC-8004 registration flow correctly, but there are several things to consider before installing or running it:
- Metadata mismatch: The skill registry metadata claims no required env vars and 'instruction-only', but the skill includes scripts and does require several environment variables (MONAD_RPC_URL, MONAD_CHAIN_ID, AGENT_PRIVATE_KEY, PINATA_JWT). Treat that discrepancy as a red flag and prefer packages whose manifest accurately lists required secrets and dependencies.
- Sensitive credentials: The scripts require AGENT_PRIVATE_KEY (used to sign transactions) and PINATA_JWT (used to upload to Pinata). Only provide a private key with minimal MON balance and permissions (do not use your primary/mainnet key). Consider an ephemeral or hardware-backed signing mechanism, or a signing service that keeps keys off the skill runtime.
- External uploads: The skill uploads the registration JSON to Pinata (an external third party), so your registration metadata will be sent to Pinata. If you need privacy, host on your own IPFS node or use a private gateway.
- Missing install details: package.json lists Node dependencies (pinata, viem) but no install instructions are present. Ensure you run the scripts in an environment with those dependencies installed and audit how they are installed (avoid blind downloads from unknown URLs).
- Code review: The repository code is small and readable; review the scripts (especially common.mjs and full-register.mjs) yourself or have a developer review them to confirm there are no hidden endpoints or exfiltration. Verify the contract address and ABI are the expected ones for your environment.
- Operational safety: Run first on testnet (monad-testnet) with a throwaway wallet and small funds. Confirm the returned agentId, tokenURI, and on-chain ownership before using any key with higher value.
If you proceed, insist that the skill author update the metadata to list required env vars and provide an install specification or packaged runtime so you can more confidently assess what will be installed and what credentials are required.

Review Dimensions

Purpose & Capability
Concern: The scripts and SKILL.md implement ERC-8004 registration flows (register, build card, upload to Pinata, set token URI) that align with the skill description. However, the registry metadata declared 'Required env vars: none' and 'No install spec / instruction-only', while the SKILL.md and included scripts clearly require environment variables (MONAD_RPC_URL, AGENT_PRIVATE_KEY, PINATA_JWT, optional PINATA_GATEWAY) and Node dependencies (pinata, viem). This mismatch between metadata and inventory should be resolved before the package is trusted.
Instruction Scope
Note: Runtime instructions are narrowly scoped to on-chain registration, building a registration JSON, uploading it to Pinata, setting the on-chain URI, and persisting an identity file. Those actions require network access and a signing key (AGENT_PRIVATE_KEY). The instructions do fetch and parse external data (IPFS via a Pinata gateway) and write an identity file under the workspace; these behaviors are expected for the stated purpose but involve transmitting registration JSON to an external service (Pinata).
Install Mechanism
Concern: No install spec is provided even though package.json lists dependencies (pinata, viem) and the SKILL.md references a Docker image path (/opt/erc8004-scripts). The absence of an install step means it is unclear how the required Node modules are supplied; that ambiguity increases operational risk (scripts may fail, or may rely on a pre-existing environment with network-capable Node modules installed).
Credentials
Concern: The env vars required by the scripts (MONAD_RPC_URL, MONAD_CHAIN_ID, AGENT_PRIVATE_KEY, PINATA_JWT, optional PINATA_GATEWAY) are logically required for minting and uploading, so they are proportionate to the task. However, the top-level skill metadata does not declare them, creating a mismatch. AGENT_PRIVATE_KEY is highly sensitive: supplying a key with broad wallet access carries financial risk and must be minimized (use a key holding only the required funds/permissions, or a hardware/ephemeral signing approach).
Persistence & Privilege
OK: The skill does not request always:true, does not modify other skills, and only writes files under the agent workspace (/root/.openclaw/workspace/AGENT_IDENTITY.md or provided paths). Autonomous invocation is allowed (platform default) but is not combined with any unusual permanence or system-wide configuration changes.