doginals
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: doginals
Version: 1.0.2
The skill bundle is classified as suspicious due to several critical vulnerabilities. The `install.sh` script uses `curl | bash` for Node.js installation, which is a supply chain risk, and creates `dogecoin.conf` with hardcoded placeholder RPC credentials. More critically, the `.doginals-main/auto_inscriber_v4.py` script uses `subprocess.run(..., shell=True)` with unsanitized user inputs, creating a shell injection vulnerability (RCE risk). A similar shell injection vulnerability exists in `.doginals-main/bulk-mint.sh` by directly passing unsanitized arguments to `node` commands. While these are severe flaws, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or backdoor installation, classifying them as vulnerabilities rather than malware.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill can make privileged system changes and trust remote code outside the reviewed package.
The install script runs a remote setup script with root privileges and installs downloaded binaries system-wide, while the registry presents the skill as having no install spec.
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash - ... sudo cp dogecoin-1.14.6/bin/* /usr/local/bin/
Do not run install.sh blindly; inspect it first, verify Dogecoin Core downloads and checksums, and prefer a sandboxed or dedicated machine.
A crafted address, directory, or filename could cause commands other than minting to run on the user's computer.
The script builds a shell command from interactive inputs and file paths, then executes it with shell=True, which can allow command injection if those values contain shell metacharacters.
mint_command = f"node . mint {doge_address} {image_path}"
result_mint = subprocess.run(mint_command, shell=True, capture_output=True, text=True)
Run this only with trusted paths and values; the maintainer should replace shell=True string execution with an argument list such as subprocess.run(['node', '.', 'mint', doge_address, image_path]).
If the agent or script runs the wrong command, it can spend wallet funds, mint tokens, split UTXOs, or send funds on-chain.
The code reads a local wallet file and uses its private key to sign Dogecoin transactions, which is high-impact financial authority.
const WALLET_PATH = process.env.WALLET || '.wallet.json' ... let wallet = JSON.parse(fs.readFileSync(WALLET_PATH)) ... tx.sign(wallet.privkey)
Use only a dedicated low-value inscription wallet, keep private keys backed up and protected, and require explicit user approval before any mint/send/split command.
A later harmless-looking command could broadcast old or unexpected blockchain transactions without a fresh confirmation step.
Before processing the requested command, the program automatically rebroadcasts serialized pending transactions if a local pending-txs.json file exists.
if (fs.existsSync('pending-txs.json')) { ... await broadcastAll(txs.map(tx => new Transaction(tx)), false) ... return }
Check for and review pending-txs.json before running the tool, and the maintainer should require explicit confirmation before rebroadcasting.
A wrong count, address, or token name can create many unwanted transactions and fees.
The bulk mint script intentionally repeats on-chain mint operations in a loop, which is aligned with the skill purpose but can multiply fees and irreversible actions.
while [ $count -lt $max_count ]; do ... node . drc-20 mint "$target_address" "$token_name" 1000 12 ... sleep 200 ... done
Test with a very small count and balance first, and verify all destination addresses and token parameters before bulk minting.
