Skill v1.0.0

ClawScan security

ENS (Ethereum Name Service) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:24 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (ENS name/address resolution) is coherent, but the runtime instructions assume undeclared credentials and dependencies (e.g., GRAPH_API_KEY, Node/viem) and make other implicit environment assumptions — these mismatches should be resolved before trusting the skill.
Guidance

This skill appears to implement ENS resolution correctly at a high level, but it has important mismatches you should address before installing:

- Undeclared credential: SKILL.md uses a GRAPH_API_KEY for The Graph gateway, but the skill metadata lists no required env vars. Ask the author to either remove The Graph option or declare GRAPH_API_KEY in requires.env and explain when it is needed.
- Undeclared dependencies: The Node/viem fallback assumes node and viem are available in the runtime. If you plan to let the agent use that fallback, require an explicit install spec or list node/viem as required dependencies; otherwise the fallback will fail.
- External endpoints & privacy: The skill calls web3.bio and metadata.ens.domains and may surface profile fields (email, social handles). Confirm you are comfortable with these outbound requests and with how profile PII will be displayed and stored. Consider limiting the profile fields fetched if privacy is a concern.
- Transaction guidance: The skill correctly advises always resolving to a 0x address and confirming with the user before sending funds. Before using the registration/contract sections, verify the full contract addresses and gas/price logic (the SKILL.md was truncated in your copy).

If you cannot verify or modify the skill, treat it as untrusted: do not provide private keys or other secrets to the skill, and require explicit, documented env vars and dependency installation from the author before enabling it in production.

Review Dimensions

Purpose & Capability
Note: The skill's stated purpose (forward/reverse ENS resolution, profile lookup, and management) aligns with the instructions. However, parts of the implementation assume access to services or tooling (The Graph with an API key, Node + viem present in project deps, and a call to an external 'defi_get_wallet' capability) that are not declared in the skill metadata. These assumptions are plausible for an ENS skill but should be explicitly declared.

Instruction Scope
Concern: SKILL.md tells the agent to call external HTTP APIs (The Graph gateway, web3.bio, metadata.ens.domains) and to use a Node/viem fallback. It also references an env var (GRAPH_API_KEY) and other tool outputs (defi_get_wallet), although the skill metadata declares no env vars or required binaries. The instructions therefore access external endpoints and undeclared environment state; the agent could fail or leak user data if these implicit expectations aren't made explicit.

Install Mechanism
Note: There is no install spec (instruction-only), which is low risk. However, the document assumes 'viem is in the project deps' and shows a Node fallback; that dependency is not provided or installed by the skill, so the fallback may not work in practice. No remote downloads or suspicious install URLs are present.

Credentials
Concern: The instructions require/use GRAPH_API_KEY for The Graph calls, but requires.env is empty in the metadata: an undeclared credential. The skill otherwise asks for no credentials, which is appropriate for lookups, but the missing declaration is a mismatch and could cause either failure or accidental leakage if implementers try to supply keys incorrectly. The skill also suggests fetching profile data (which can include PII such as email) from web3.bio; that is functionally relevant but raises privacy considerations that aren't documented.

Persistence & Privilege
OK: The skill does not request always:true, does not declare persistent system-wide changes, and contains no install-time modifications. It recommends session caching of lookups, which is reasonable and limited in scope.