Skill v1.0.2

ClawScan security

DeAI.au · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 27, 2026, 2:06 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (on-chain auction interactions) and only requests the tools/credentials needed to sign and submit transactions, but it requires control of an on-chain account, so install it only if you trust the code and the provided RPC/indexer endpoints.
Guidance
This skill appears to do exactly what it says: it provides shell scripts that use cast to query and transact with the DeAI contracts. Before installing or running it:
1) Understand that DEAI_ACCOUNT is a keystore/account name used to sign transactions — anyone who can use that account (and the optional DEAI_PASSWORD_FILE) can move your on-chain funds. Do not provide raw private keys as environment variables to unknown code.
2) Verify the DEAI_RPC_URL and DEAI_INDEXER_URL values — pointing them at untrusted endpoints could surface false auction data or malicious metadata. Prefer official RPCs/indexers or run your own indexer.
3) Review the included scripts yourself (they are present) and test on a non-custodial test account or testnet before using a mainnet account with real funds.
4) If you need autonomous operation, use a dedicated account with limited funds and protect DEAI_PASSWORD_FILE (chmod 600).
5) Note the small documentation mismatch: the scripts use DEAI_RPC_URL and other env overrides that are not listed as required in SKILL.md — set those explicitly if you need them.

Review Dimensions

Purpose & Capability: ok
Name/description match the concrete files and actions. Required binaries (cast, curl, jq, python3) and the Foundry brew formula (cast) are appropriate for building and submitting EVM transactions and parsing indexer responses. Required env vars (DEAI_ACCOUNT, contract addresses, DEAI_INDEXER_URL) map to the marketplace functions the scripts perform.
Instruction Scope: note
Runtime instructions and scripts stay within the marketplace domain: they call the discovery endpoint, the configured indexer, and on-chain contracts via cast. They read only a keystore/account via cast and an optional DEAI_PASSWORD_FILE. Note: the scripts do rely on DEAI_RPC_URL, DEAI_USDC_ADDR and other optional env overrides (present in _common.sh and reference.md) even though DEAI_RPC_URL was not listed among SKILL.md's declared required env vars — this is a minor inconsistency but not malicious. The scripts fetch data from DEAI_INDEXER_URL (user-configurable) which, if pointed at an attacker-controlled indexer, could present manipulated auction metadata; this is expected behavior but worth caution.
Install Mechanism: ok
Install spec uses Homebrew formulas (foundry, jq, python3) — a low-risk, common mechanism. The foundry formula provides the cast CLI required for EVM RPC calls. No arbitrary URL downloads or extract-from-untrusted-host operations are present.
Credentials: note
The skill requests DEAI_ACCOUNT as the primary credential — appropriate because the scripts must sign/send transactions. Several other env variables are requested for contract addresses and the indexer URL; these align with the marketplace purpose. Caveat: DEAI_ACCOUNT grants the ability to submit on-chain transactions from that account (and thereby move funds). Users should understand this high-sensitivity privilege. The scripts also reference optional envs (DEAI_PASSWORD_FILE, DEAI_RPC_URL, DEAI_USDC_ADDR, adapter overrides) that are not all enumerated in SKILL.md's required env list — this mismatch is informational but not a functional contradiction.
Persistence & Privilege: ok
always:false and agent-autonomy settings are normal. The skill does not request permanent platform-wide privileges or attempt to modify other skills or system-wide agent settings. The main privilege is the ability to sign transactions using the provided account, which is a normal necessity for a marketplace skill.