Skillv1.0.3

ClawScan security

Gate DEX Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 7, 2026, 10:33 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated wallet purpose aligns with many of the files and scripts, but there are notable inconsistencies (missing prebuilt binaries referenced by runtime instructions), multiple external endpoints, and installer scripts that modify user platform configs and install global software — so you should review the items called out before installing or running anything.
Guidance: This package looks like a legitimately scoped wallet skill, but several red flags deserve attention before you run anything: - Missing prebuilt binaries: SKILL.md requires prebuilt tx-checkin binaries under tools/tx-checkin/bin/, but the manifest you provided doesn't include them. Confirm the presence and provenance of those binaries before running the skill — the runtime requires them and they are central to signing flows. - External gateway behavior: The tx-checkin flow posts txBundle/intent data to an external gateway (multiple hostnames appear in docs/changelog). That will transmit transaction details (and may return checkin tokens). Verify the gateway's official ownership and privacy policy; if you don't trust that endpoint, do not run tx-checkin or send txBundle data. - Installer side-effects: install.sh and install_cli.sh will modify AI platform config files, copy skill folders into user platform directories, append to routing files, and may run npm install -g gate-wallet-cli. Review the scripts line-by-line, back up files like ~/.cursor/mcp.json, ~/.codex/config.toml, CLAUDE.md and AGENTS.md, and prefer manual configuration over running the automated installer. - Secrets storage: The CLI installer will optionally write OpenAPI keys to ~/.gate-dex-openapi/config.json. If you provide credentials, ensure file permissions and storage meet your security policy. Recommendations to reduce risk: 1) Inspect or obtain the missing tx-checkin binaries from a trusted, verifiable release (signed or from an official Gate repo) before use. 2) Verify the gateway endpoints' ownership and TLS certs; prefer an organization-controlled gateway you trust. 3) Run the installers in a controlled environment or step through manual configuration instead of running the scripts wholesale. 4) If unsure, do not provide API/secret keys, and do not run global npm installs until you vet gate-wallet-cli source. I assessed this as 'suspicious' (medium confidence) because the skill's purpose fits the artifacts provided but key runtime pieces are missing or inconsistent and the installers perform invasive configuration changes and will transmit transaction data to external services. Additional evidence (included, signed tx-checkin binaries and a clear, single official gateway URL) would raise confidence toward benign.

Review Dimensions

Purpose & Capability: noteThe name and description (wallet account management, auth, balances, transfers, x402 payments, DApp interactions, CLI) align with the included documentation and installer scripts. However SKILL.md mandates use of prebuilt terminal 'tx-checkin' binaries under tools/tx-checkin/bin/ (users 'do not compile'), yet the provided manifest of files does not include a tools/ directory or those binaries. That mismatch (instructions require a binary that isn't present in the package) is an inconsistency worth attention.
Instruction Scope: concernSKILL.md requires executing a terminal 'tx-checkin' flow and explicitly instructs the agent to write user preview data (txBundle) to a file and run the prebuilt binary which performs a POST to a gateway. That sends transaction-related data to an external web API (several different gateway hosts appear in changelog/README). The instruction to always perform a terminal check-in and to pass checkin_token to MCP tools means sensitive transaction details and tokens will be transmitted externally; combined with the missing binaries and remote rules reference, this increases risk and scope creep beyond purely local queries.
Install Mechanism: noteThere is no formal install spec in the registry, but two provided shell installers (install.sh and install_cli.sh) perform real filesystem and platform configuration changes: they write/append platform config files (~/.cursor/mcp.json, ~/.codex/config.toml), create or append CLAUDE.md/AGENTS.md, copy skill directories into ~/.cursor/skills, and run npm install -g gate-wallet-cli. Global npm installation and automated edits to existing platform files is a moderate-risk behavior — expected for a CLI/skill installer but invasive; review scripts before running. The package does not auto-download arbitrary archives from unknown hosts, but it will run npm and could call external CLIs if present.
Credentials: noteThe skill declares no required env vars in registry metadata, which fits a documentation/routing skill. In practice the docs and installers reference optional overrides (TX_CHECKIN, TX_CHECKIN_GATEWAY_BASE) and the CLI installer prompts the user to save OpenAPI API/Secret to ~/.gate-dex-openapi/config.json. Requesting and storing API keys locally is reasonable for hybrid CLI flows, but the skill also documents gateway endpoints used by the tx-checkin binary — environment and credential access is moderate and should be limited to what the user explicitly consents to.
Persistence & Privilege: concernThe installers modify other tools' configuration files (Cursor/Claude/Codex/OpenClaw configs), append routing docs (CLAUDE.md / AGENTS.md), copy skill directories into platform skill folders, and may install a global npm CLI. Those are persistent, cross-tool changes. While 'always' is false and the skill does not auto-enable itself, the installer scripts request broad filesystem and platform configuration changes that require explicit user attention and backup; altering other skills' routing files is particularly sensitive.