Back to skill
Skillv1.0.0
ClawScan security
XMTP CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 11, 2026, 8:45 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to be a straightforward CLI instruction pack for the XMTP CLI, but it omits declaring sensitive environment requirements (private key and DB encryption key) and has no verified source/homepage, so the package demands should be checked before use.
- Guidance
- This skill's documentation looks like legitimate XMTP CLI usage, but note two things before installing or using it: (1) the SKILL.md expects you to create a .env containing XMTP_WALLET_KEY (your Ethereum private key) and XMTP_DB_ENCRYPTION_KEY — extremely sensitive values. Never paste a real production private key into an untrusted package's config; prefer ephemeral wallets, hardware wallets, or a provider-based auth flow. (2) The skill metadata does not provide a source or homepage and does not declare the required env vars — verify you are installing the official @xmtp/cli from the npm registry (check the package owner, release page, and package contents) and confirm the package integrity (checksums/signatures) before installing. If you must use this skill, run it in an isolated environment (container/VM) and avoid storing long-term private keys in plaintext .env files. If possible, consult the official docs at https://docs.xmtp.org and install only from the official project pages.
Review Dimensions
- Purpose & Capability
- okThe name/description match the instructions: the skill documents how to use the @xmtp/cli to init, send, list, groups, sync, debug, permissions, and content. Sub-skill topics and commands are coherent with a messaging CLI.
- Instruction Scope
- okSKILL.md and the sub-skill docs instruct only CLI commands, env setup, and use of the XMTP gateway; they do not direct the agent to read arbitrary system files, exfiltrate data, or post to unknown endpoints. Using a custom gateway URL is permitted by the tool and documented.
- Install Mechanism
- okThis is an instruction-only skill with no install spec; it recommends installing the official npm package (@xmtp/cli) or running via npx/pnpx/dlx — a standard, low-risk approach. No arbitrary download URLs or extract steps are included in the skill bundle.
- Credentials
- concernThe skill registry lists no required env vars, but the runtime docs explicitly require highly sensitive variables (XMTP_WALLET_KEY — a private key, and XMTP_DB_ENCRYPTION_KEY) plus optional gateway and debug flags. That mismatch (declared none vs. instructions requiring secrets) is an incoherence and a red flag: supplying a private key in a .env is sensitive and should be carefully justified and validated. The need for these variables is proportional to a CLI that signs messages, but the skill should have declared them in metadata and warned about risks.
- Persistence & Privilege
- okThe skill does not request always:true, does not modify other skills, and has no install-time persistence in the bundle. Agent autonomous invocation is allowed (platform default) but not combined with other high-risk properties here.