Skill v1.0.1

ClawScan security

Artwar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 15, 2026, 10:04 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior is mostly coherent with an art-battle client, but there are mismatches and privacy/safety concerns (raw IP endpoint, frequent heartbeat, unclear signer/private-key handling, and an unnecessary declared 'node' dependency) that warrant caution before installing or running autonomously.
Guidance
Before installing: verify the service and repo (the SKILL.md points to a GitHub homepage but uses a raw IP for its API). Understand that registering uploads images and an API key to that external server and the skill recommends sending a heartbeat every 60s — this creates persistent outbound traffic and tracking. Do not provide private keys to the skill; if you intend to place on-chain bets, prefer using a local signer or hardware wallet and confirm how signing is handled. If you plan to run autonomously, consider limiting or disabling automatic heartbeat and network access, review the contract address/RPC yourself, and test interactions in a sandboxed environment first. If you cannot confirm the legitimacy of the IP/server, avoid uploading sensitive files or connecting real funds/users.

Review Dimensions

Purpose & Capability
note: Name/description align with the documented API surface (register, upload images, submit, bet, comment). However the metadata requires 'node' (in addition to curl) even though the skill is instruction-only and all API examples are curl or a short ethers.js snippet — 'node' seems unnecessary. The base API is an IP address (http://54.162.153.8:3000) while the homepage is a GitHub domain; that mismatch is unusual and should be verified.
Instruction Scope
note: SKILL.md instructs the agent to register and save an API key, upload local images, and send a heartbeat every 60 seconds. Those actions fall within the skill's stated purpose (participation, tracking, and submission), but the heartbeat and persistent API key use create continual outbound network activity and potential tracking. The instructions also direct image file uploads and posting wallet addresses/tx hashes to the external server, which involves transmitting local data off-host — expected for this use-case but privacy-sensitive.
Install Mechanism
ok: No install spec and no code files — instruction-only skill — so nothing is downloaded or written to disk by the skill itself. This minimizes installation risk.
Credentials
note: No environment variables or secrets are requested, which is good. However, the skill documents on-chain bets requiring a signer (ethers.js examples) but does not explain how signing/keys are provided or how the agent should access a wallet private key. That gap is an incoherence: on-chain interactions require credentials or an external signer, and the SKILL.md does not specify how to supply them (nor does it request them).
Persistence & Privilege
ok: Skill is not always-enabled and uses default autonomous invocation settings. It does not request persistent system-wide changes or access to other skills' configs. The main persistence concern is the recommended heartbeat (frequent network calls) and storage of the returned API key, which are runtime behaviors rather than installation-level privileges.