Skill v1.8.0
ClawScan security
Flap Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 5, 2026, 11:39 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: Skill functionality (creating tokens, trading, market‑making) matches the code, but the runtime instructions and scripts require/produce sensitive keys and files and the skill metadata does not declare those credentials — this mismatch and the skill's ability to generate/use private keys and perform on‑chain transactions autonomously are risky.
- Guidance: This skill is functionally coherent (it really does create tokens, trade USDT, and run market‑making), but it requires and produces highly sensitive material that the metadata does not declare. Before installing or running:
  1. Do not set or expose your MCP PRIVATE_KEY or other wallet private keys globally unless you fully trust the code and operator.
  2. Review the scripts locally — mm-generate-workers.js will create private keys and write them to files (mm-workers-*.json); treat those files like real wallets (secure/delete if unused).
  3. The skill will perform on‑chain transactions (approve, buy/sell, transfer) and can autonomously top up gas for worker wallets — avoid running this on mainnet with real funds until you audit and test on a testnet.
  4. Verify the contract addresses (FlapSkill and USDT) independently; confirm the upload endpoint (https://funcs.flap.sh/api/upload) is expected.
  5. If you proceed, run in a sandboxed environment, use throwaway/test wallets, and never supply high‑value private keys to the skill until you have audited and are comfortable with its behavior.
Review Dimensions
- Purpose & Capability (concern): The skill’s code and SKILL.md implement the described features (create V5 tokens, buy/sell via USDT, market‑making with worker wallets). However, the metadata declares no required env vars/credentials while the instructions and scripts clearly depend on BNB Chain MCP and other runtime secrets. That omission is an incoherence: the skill expects sensitive credentials (MCP PRIVATE_KEY in practice, plus multiple worker private keys and funder addresses) but the manifest does not list them.
- Instruction Scope (concern): SKILL.md instructs the agent to cd into the skill directory, run npm install, execute bundled scripts, generate worker private keys, run the market‑maker (mm-bot) and upload metadata. The scripts create and read local private key files (mm-generate-workers.js, mm-collect.js, mm-bot.js) and can invoke transactions (approve, buyForCaller, sellForCaller, transfer). The doc also states the agent will autonomously top up worker gas and control buy/sell rounds. These are not limited to harmless tasks — they create and use wallets and perform on‑chain transfers without per‑transaction user confirmation.
- Install Mechanism (note): No formal install spec in the registry (instruction-only), but SKILL.md tells the agent to run npm install, which pulls standard npm packages (axios, viem, form-data). Dependencies come from the public npm registry (traceable). This is moderate risk because code will be written and executed locally when the agent runs npm install and node scripts.
- Credentials (concern): The skill manifest lists no required env vars, yet the scripts expect and use multiple sensitive variables: MCP/PRIVATE_KEY (via MCP skill), FUNDER_ADDRESS, TOKEN_CA, COLLECT_TO_ADDRESS, PRIVATE_KEYS or PRIVATE_KEYS_FILE, PRIVATE_KEYS_MM, TARGET_ADDRESS, RPC_URL, etc. The skill also generates worker private keys and writes them to disk. Requesting/using these secrets is proportionate to market‑making only if the user intentionally provides them and understands the risks — but the manifest fails to declare or justify them explicitly.
- Persistence & Privilege (concern): always:false (good), but the skill will write worker key files into the local working directory and assumes it can run long‑running market‑maker processes that autonomously send transactions (including gas top‑ups) using provided keys. Autonomous invocation combined with access to private keys and the ability to transfer funds raises the potential blast radius if the skill is misused or flawed.
