v0.0.1-main.4.1

Zeko

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

Zeko is coherent and purpose-aligned, but it asks the agent to use wallet private keys, a GitHub token, and CLI flows that can sign and submit blockchain transactions, so it should be reviewed carefully before installation.

Guidance: Install only if you intend the agent to help with Zeko bridge, faucet, and builder workflows. Use disposable testnet keys, avoid mainnet wallet secrets, minimize the GitHub token scope, and confirm every transaction route, amount, recipient, and network before allowing the agent or CLI to sign or submit anything.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
references/30-bridge-and-faucet.md
Use `bridge` by default. It signs, submits, waits, retries transient checks, advances queued claims in order, and keeps running until the requested bridge reaches a terminal result.

The documented default bridge flow performs signing and submission, so an agent following the skill can initiate state-changing blockchain operations.

User impact: A mistaken route, amount, recipient, or key could move testnet assets, consume fees, or leave a bridge operation running until completion.
Recommendation: Require explicit user confirmation for route, amount, recipient, network, and key before any signing or submission command; prefer testnet-only keys and use diagnostic commands first.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
install:
      - kind: node
        package: "@zeko-labs/bridge-cli"
      - kind: node
        package: "@zeko-labs/faucet-cli"
      - kind: node
        package: o1js

The skill installs external npm packages that are central to its purpose, but the artifact does not pin package versions.

User impact: Future package changes could affect what code runs when bridge, faucet, or o1js workflows are used.
Recommendation: Pin known-good package versions where possible and verify package provenance before using them with private keys or tokens.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
references/30-bridge-and-faucet.md
The CLI writes local logs and persisted operation state, so it is the right default for long-running bridge tasks that may need inspection.

The artifacts disclose long-running behavior and persistent local state for bridge operations; this is purpose-aligned but important for users to notice.

User impact: Bridge runs may continue for a while and leave local operational records after the task finishes.
Recommendation: Supervise long-running bridge commands, know where operation state and logs are stored, and clean them up if they are no longer needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
requires:
      env:
        - WALLET_PRIVATE_KEY
        - MINA_PRIVATE_KEY
        - GITHUB_TOKEN
        - PUBLIC_KEY
        - ADDRESS

The skill declares multiple credentials as required, including wallet private keys and a GitHub token, for a broad skill that also includes read-only documentation and endpoint workflows.

User impact: If these environment variables are made available to the agent or referenced CLIs, they can authorize wallet signing or GitHub-authenticated faucet actions.
Recommendation: Use disposable testnet-only wallet keys, a minimally scoped GitHub token, and expose each credential only for the specific command that needs it rather than as a global default.