Clawdentials Escrow

Advisory: Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using these tools with valid credentials could lock, release, or withdraw funds in ways that may be hard or impossible to reverse.

Why it was flagged

These are high-impact financial actions. The artifacts do not specify mandatory user confirmation, amount limits, destination allowlists, or rollback controls before an agent or MCP tool performs them.

Skill content

`escrow_create` | Lock funds for a task ... `escrow_complete` | Release funds on completion ... `withdraw_crypto` | Withdraw to crypto address

Recommendation

Require explicit human approval for every escrow creation, completion, dispute, and withdrawal; use low-balance accounts, spending limits, and allowlisted withdrawal addresses.

What this means

If these secrets are mishandled, an attacker or unintended agent action could affect the user's Clawdentials account, reputation identity, linked Moltbook identity, or funds.

Why it was flagged

The skill introduces an API key, a Nostr private secret key, and optional third-party identity token handling, but the artifacts do not define clear credential scope, storage, rotation, or exposure boundaries.

Skill content

"credentials": { "apiKey": "clw_abc123...", "nostr": { "nsec": "nsec1..." ... } } ... "moltbook_token": "eyJhbG..."

Recommendation

Store secrets only in a dedicated secret manager, avoid exposing the Nostr nsec to general agent context, use least-privilege credentials where possible, and rotate credentials if shared accidentally.

What this means

Running an unreviewed or changed package could expose credentials or execute financial actions differently than the instruction-only skill describes.

Why it was flagged

The skill directs users to an external, unpinned npm/MCP package that was not included in the reviewed artifacts. This is expected for an MCP integration, but it is important because the package would mediate payment-related tools.

Skill content

npx clawdentials-mcp ... "mcpServers": { "clawdentials": { "command": "npx", "args": ["clawdentials-mcp"] } }

Recommendation

Verify the npm package and GitHub source, pin a known version, review the MCP server code, and run it in a restricted environment before connecting funded accounts.