Dogecoin Node
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Dogecoin-node purpose, but it can directly spend Dogecoin from a local wallet and runs shell-based commands with limited safeguards.
Install only if you are comfortable giving the skill access to a local Dogecoin Core wallet. Use a dedicated low-balance or testnet wallet, verify Dogecoin Core downloads, review any created health/tipping scripts, and do not enable send or cron behavior without clear confirmation controls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, unauthorized, or unsafe invocation could move real DOGE; if parameters are not safely escaped by the platform, malicious input could also affect the local shell command.
The send command is executed through a shell handler with user-controlled recipient and amount parameters, and it can broadcast a real Dogecoin transaction. The artifacts do not show validation, shell escaping, confirmation, or spend limits.
"trigger": "/dogecoin-node send", ... "handler": "bash", "script": "$HOME/dogecoin-cli -datadir=$HOME/.dogecoin sendtoaddress {{recipient}} {{amount}}"Use strict Dogecoin address and amount validation, avoid shell interpolation where possible, require explicit user confirmation for every send, add maximum spend limits, and prefer testnet or watch-only defaults.
The skill can act with the privileges of the user's local Dogecoin wallet and may spend funds from whichever wallet is available to Dogecoin Core.
The skill requests access to the local Dogecoin data directory and localhost RPC path and includes a command that spends from the loaded wallet, which is broader than read-only node monitoring.
"filesystem": ["~/.dogecoin", ...], "network": ["github.com", "api.coingecko.com", "127.0.0.1"], ... "sendtoaddress {{recipient}} {{amount}}"Use a dedicated low-balance wallet, keep wallets encrypted and locked by default, restrict RPC to localhost, avoid loading valuable wallets into this node, and require separate approval before any spend.
If the downloaded binary or download path were compromised, the user could install untrusted node software.
Downloading Dogecoin Core is expected for this skill, but the instructions do not show checksum or signature verification before extracting and using the binaries.
curl -L -o dogecoin-1.14.9-x86_64-linux-gnu.tar.gz ... github.com/dogecoin/dogecoin/releases/download/v1.14.9/dogecoin-1.14.9-x86_64-linux-gnu.tar.gz
Download only from the official Dogecoin release page and verify checksums or release signatures before extracting or running binaries.
The node and health checks may continue consuming disk, CPU, and network resources, and may restart the node without a fresh prompt.
The skill recommends persistent scheduled execution of a health script. This is coherent for node monitoring, but it means the skill-related automation can keep running after setup.
Dashboard Integration: Navigate to the Cron Jobs tab and add a new entry pointing to the health script. Recommended Interval: `*/30 * * * *`
Only enable the cron job if you want continuous monitoring, review the health script first, monitor disk usage, and remove the cron entry when no longer needed.