Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dogecoin Node
v1.0.5A skill to set up and operate a Dogecoin Core full node with RPC access, blockchain tools, and optional tipping functionality.
⭐ 2· 684·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, package.json permissions, and the SKILL.md all describe node operation, RPC usage, health checks, and a SQLite-based tipping engine. The declared filesystem and network targets in package.json (~/.dogecoin, ~/.openclaw workspace, github.com, api.coingecko.com, 127.0.0.1) are appropriate for this functionality and align with the skill's purpose.
Instruction Scope
The SKILL.md goes beyond passive instructions: it directs downloading a Dogecoin Core release, extracting binaries into the user home, creating/starting the node, writing config files containing rpcuser/rpcpassword under ~/.dogecoin, and creating persistent scripts under ~/.openclaw/workspace (health check and references to a tipping engine). These steps are consistent with running a node but grant the skill the ability to create persistent components, restart the daemon, and execute wallet operations (including send and dumpprivkey). The instructions do not request external endpoints beyond CoinGecko/GitHub/localhost, but they do suggest cron/dashboard integration which creates long-lived behavior — review who can invoke the skill because invoked commands can move funds.
Install Mechanism
There is no formal install spec in the registry; installation is manual via SKILL.md using curl to a GitHub release tarball and extracting to ~/bin. GitHub Releases is a reasonable source, but the skill requires writing/executing downloaded binaries and creating symlinks in the user's home directory. That is expected for this use case but always warrants verifying the download (checksums/signatures) before running.
Credentials
The skill declares no required environment variables and does not request unrelated credentials. It relies on dogecoin.conf for rpcuser/rpcpassword (normal for bitcoin-family nodes). The package.json permissions and needed commands (dogecoind, dogecoin-cli, sqlite3, python3, curl, jq) match the described functionality. No extraneous cloud credentials or unrelated secrets are requested.
Persistence & Privilege
The skill writes long-lived files under ~/.openclaw/workspace and suggests adding a cron job for periodic health checks, which gives it persistent background behavior on the host. always:false (not force-included) and default autonomous invocation are normal, but because the skill can run wallet/send commands and restart daemons, you should limit who/what can trigger it in your OpenClaw setup.
Assessment
This skill appears to do what it claims, but it requires you to: (1) download and run Dogecoin Core binaries (verify the GitHub release and its checksum/signature before running); (2) create and store RPC credentials in ~/.dogecoin/dogecoin.conf — keep those credentials private and local; (3) allow the skill to write scripts and a SQLite tipping DB under ~/.openclaw/workspace and optionally add a cron job (this creates persistent background behavior); (4) be aware that the skill exposes commands that can transfer funds (e.g., /dogecoin-node send and dumpprivkey) — ensure only trusted users or properly authenticated interfaces can invoke those commands; (5) verify or review any tipping engine code (the referenced Python tipping script is not included) before deploying it. Also confirm you have sufficient disk space (node data >>100GB), and consider running initial tests in a sandbox or VM if you want to limit potential impact.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8s5yktfmzcw70219e6d2858287e2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.