Skill v1.0.0

ClawScan security

Monad Wordle Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 13, 2026, 7:13 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to be an on‑chain Wordle game but its runtime instructions require a private key and on‑chain spending while the registry metadata declares no credentials — a clear mismatch that could expose sensitive keys or funds if installed without caution.
Guidance
This skill will need a wallet private key and will perform on‑chain purchases and approvals that spend real funds, but the registry metadata doesn't declare any required credentials — a mismatch that could expose your keys or money if you provision them blindly. Before installing:
(1) Do NOT provide your main private key as an env var to unreviewed skills. Use a separate wallet with minimal funds or an account specifically for testing.
(2) Verify the contract addresses and ABI links (the skill points to a GitHub ABI and specific addresses) and inspect the smart contract source yourself or on a block explorer.
(3) Confirm the external API host (https://wordle.nadnation.xyz) is legitimate and review its privacy/security practices.
(4) Prefer signing transactions with a hardware wallet or WalletConnect flow rather than injecting PRIVATE_KEY into environment variables.
(5) Ask the publisher to update the skill metadata to declare required env vars (e.g., PRIVATE_KEY) and to provide explicit safety/consent steps; request code or a manifest so you can review exactly what actions the agent will take.
If you cannot verify these points, treat the skill as risky and avoid supplying signing credentials.

Review Dimensions

Purpose & Capability
concern
The name/description (play Wordle on Monad using $WORDLE) matches the instructions' on‑chain workflows, but the skill's declared requirements (no env vars, no credentials) do not match the actual needs: SKILL.md expects a wallet private key and on‑chain token approvals and purchases. The absent declaration of required credentials is inconsistent and surprising.
Instruction Scope
concern
Runtime instructions instruct the agent to read process.env.PRIVATE_KEY, create a wallet client, buy tokens on nad.fun, approve contract spending, sign/send transactions, and POST transaction hashes to an external API (https://wordle.nadnation.xyz). These actions involve sensitive keys and fund transfers; the SKILL.md does not limit or require explicit interactive user consent for transactions and does not document how to safely supply signing authority.
Install Mechanism
ok
This is an instruction‑only skill with no install spec and no code files, so nothing is written to disk by an installer. That minimizes install‑time risk.
Credentials
concern
The skill uses process.env.PRIVATE_KEY in examples (privateKeyToAccount) but the registry lists no required env vars or primary credential. Requesting a private key (or any signing key) is highly sensitive — it is proportionate for an on‑chain signing workflow only if declared explicitly and if safeguards are described. That declaration and safeguards are missing.
Persistence & Privilege
ok
The skill does not request always:true or other elevated persistence flags; it is user‑invocable and can be invoked autonomously per platform defaults. No indications it modifies other skills or system settings.