@blockchain-forever/aelf-skills
Warn. Audited by ClawScan on May 10, 2026.
Overview
This hub's stated purpose is installing aelf skills, and its behavior is largely consistent with that purpose. It can, however, pull and run external skill packages, and it routes agents toward wallet/trading actions without clearly requiring a final user confirmation before execution.
Install only the specific aelf skill you need, prefer pinned package sources, inspect downloaded skill contents before running setup or bun install, and require explicit confirmation before any transfer, swap, approval, NFT trade, DAO action, or other blockchain write.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install a version of a downstream skill that differs from the reviewed npm version, and that downloaded code can later affect agent behavior.
The default source mode is auto, and the fallback path clones GitHub repositories without pinning a tag or commit. That means either a failed npm path or an explicit GitHub mode can pull mutable remote code, so two runs of the same bootstrap can install different code.
let source: SourceMode = 'auto'; ... const gitResult = downloadViaGithub(skill, targetDir); ... runCommand('git', ['clone', '--depth', '1', skill.repository.https, targetDir])
Prefer pinned npm packages or pinned Git tags/commits (a commit SHA is immutable, a tag can be moved, so a SHA is the stronger pin), make GitHub fallback explicit rather than automatic, and use --only plus --skip-install until the downloaded skill is reviewed.
Running bootstrap can execute local tooling and dependency-install behavior from downloaded packages.
The bootstrapper uses package-manager and archive commands and includes dependency installation for downloaded skills. This is central to the stated bootstrap purpose, but it executes local commands and package install logic.
runCommand('npm', ['pack', packageRef, '--pack-destination', tmpDir]); ... runCommand('tar', ['-xzf', tarballPath, '-C', targetDir, '--strip-components=1']); ... runCommand('bun', ['install'], skillDir)
Run the bootstrap in an isolated workspace (a scratch directory or container that holds no wallet credentials), inspect the downloaded skill first, and use --skip-install when reviewing a skill for the first time.
An agent following these scenarios could proceed toward irreversible financial transactions with insufficient explicit confirmation.
The document provides executable AI workflows for blockchain writes, but dry-run/simulation is conditional on the user asking for safety, and the artifacts do not clearly require final confirmation of transaction details before execution.
3. Execute write operation (transfer). 4. If user requests safety first, prefer simulate/dry-run when available.
Require explicit user approval before every write transaction, after showing the user the signer, network, recipient, amount, token, fees, slippage, and a dry-run or simulation result when available; the approval should be bound to those exact details so that a change made after display cannot reuse an earlier "yes".
If wallet skills are installed and configured, the agent may be able to request or use signing capabilities for transfers, swaps, approvals, or governance actions.
The hub delegates signing identity to wallet skills. That is expected for blockchain workflows, but it is a sensitive permission boundary.
Signing identity should come from wallet skills:
- standard private key flows: `portkey-eoa-agent-skills`
- CA identity flows: `portkey-ca-agent-skills`
Keep wallet credentials scoped (a dedicated agent account holding only what the task needs, not a primary wallet), use test accounts when possible, and require user approval for every signing operation.
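The two findings above (no required final confirmation, and signing delegated to wallet skills) share one mitigation: a fail-closed approval gate in front of every signing request. The block below is an added example written for this review; it is not code from the aelf-skills hub or from the Portkey wallet skills. The `WriteIntent` field names, the `confirm <id>` reply format, and the 12-hex-character id length are assumptions chosen for illustration. The point it demonstrates is that the user's approval is bound to a digest of the exact transaction details that were displayed, so a bare "yes", or an approval minted for different details, does not authorize a signature.

```typescript
// Added example for this review, not code from @blockchain-forever/aelf-skills
// or the Portkey wallet skills. Field names, the "confirm <id>" phrase and the
// 12-hex id length are assumptions.
import { createHash } from 'node:crypto';

type WriteAction = 'transfer' | 'swap' | 'approve' | 'nft-trade' | 'dao-action';

/** Everything the user must see before a signing request is made to a wallet skill. */
interface WriteIntent {
  action: WriteAction;
  signer: string;
  network: string;
  recipient: string;
  amount: string;              // decimal string in token units; never a float
  token: string;
  fee: string;
  slippageBps?: number;        // swaps only
  dryRun?: { ok: boolean; detail: string };
}

interface Decision { approved: boolean; reason: string; confirmationId?: string }

/** Deterministic JSON: sorted keys, undefined fields dropped, so the id is stable. */
function canonical(value: unknown): string {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  const obj = value as Record<string, unknown>;
  const body = Object.keys(obj)
    .filter((k) => obj[k] !== undefined)
    .sort()
    .map((k) => `${JSON.stringify(k)}:${canonical(obj[k])}`);
  return `{${body.join(',')}}`;
}

/** Short id bound to the exact transaction details; changing any field changes it. */
function intentId(intent: WriteIntent): string {
  return createHash('sha256').update(canonical(intent)).digest('hex').slice(0, 12);
}

/** What the agent shows the user. The id at the end is what they must quote back. */
function renderSummary(intent: WriteIntent): string {
  const lines = [
    `Action:    ${intent.action}`,
    `Network:   ${intent.network}`,
    `Signer:    ${intent.signer}`,
    `Recipient: ${intent.recipient}`,
    `Amount:    ${intent.amount} ${intent.token}`,
    `Fee:       ${intent.fee}`,
  ];
  if (intent.slippageBps !== undefined) lines.push(`Slippage:  ${intent.slippageBps} bps`);
  const sim = intent.dryRun
    ? `${intent.dryRun.ok ? 'ok' : 'FAILED'} - ${intent.dryRun.detail}`
    : 'not available';
  lines.push(`Dry-run:   ${sim}`);
  lines.push(`Reply exactly "confirm ${intentId(intent)}" to sign; anything else aborts.`);
  return lines.join('\n');
}

/**
 * Fail-closed gate. Approval counts only if the reply quotes the id of the intent
 * that is about to be signed. A bare "yes", or an id minted for different details,
 * is rejected, so edits made after display cannot ride on an earlier approval.
 * requireDryRun=true refuses to proceed without a simulation result at all.
 */
function authorizeWrite(intent: WriteIntent, reply: string, requireDryRun = true): Decision {
  if (requireDryRun && !intent.dryRun) {
    return { approved: false, reason: 'no simulation result attached; run a dry-run first' };
  }
  if (intent.dryRun && !intent.dryRun.ok) {
    return { approved: false, reason: `simulation failed: ${intent.dryRun.detail}` };
  }
  const m = /^confirm\s+([0-9a-f]{12})$/i.exec(reply.trim());
  if (!m) return { approved: false, reason: 'reply did not quote a confirmation id; treating as abort' };
  const id = intentId(intent);
  if (m[1].toLowerCase() !== id) {
    return { approved: false, reason: 'confirmation id belongs to different transaction details' };
  }
  return { approved: true, reason: 'user confirmed the displayed details', confirmationId: id };
}
```

The gate sits between the agent's "execute write operation" step and the call into the wallet skill: the agent renders `renderSummary`, waits for the reply, and only calls the signer when `authorizeWrite` returns `approved: true`. Making the dry-run mandatory by default inverts the document's "if user requests safety first" ordering; the caller has to opt out explicitly when no simulation is available on the target network.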
A single broad bootstrap run may download multiple wallet, trading, marketplace, explorer, node, and governance skills.
If no --only filter is supplied, the bootstrap selection expands to every cataloged skill. This is consistent with an ecosystem hub but broadens the blast radius of a bad package or setup mistake.
if (onlyIds.length === 0) return catalog.skills;
Use --only for the specific skill needed, review results before running setup in agent clients, and avoid bulk installation unless intended.
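The three install-side findings (unpinned GitHub fallback, dependency installation during bootstrap, and the empty --only filter expanding to the whole catalog) can be addressed together in the bootstrap's planning step. The block below is an added example written for this review, not code from the aelf-skills hub; the catalog shape (`SkillEntry`), the function names, and the `sha512-<base64>` integrity field are assumptions. It also goes slightly beyond the page: unknown skill ids fail loudly instead of widening the selection, and an npm tarball is checked against a catalog-declared hash before extraction. It assumes GitHub serves `git fetch` by full commit SHA, which it does for reachable commits.

```typescript
// Added example for this review, not code from @blockchain-forever/aelf-skills.
// Catalog shape, function names and the SRI integrity field are assumptions.
// Shows a fail-closed bootstrap plan: explicit selection, pinned sources,
// integrity check before extraction, dependency install off unless requested.
import { createHash } from 'node:crypto';

type SourceMode = 'npm' | 'github';          // no 'auto': the caller picks one explicitly
type Category = 'wallet' | 'trading' | 'marketplace' | 'explorer' | 'node' | 'governance';

interface SkillEntry {
  id: string;
  category: Category;
  npm?: { name: string; version: string; integrity: string };  // exact version + "sha512-<base64>"
  github?: { https: string; commit: string };                   // full 40-hex commit, not a branch or tag
}

interface FetchPlan { id: string; commands: string[][] }          // argv lists, never a shell string
interface BootstrapPlan { plans: FetchPlan[]; warnings: string[] }

const SENSITIVE: ReadonlySet<Category> = new Set<Category>(['wallet', 'trading', 'marketplace', 'governance']);
const COMMIT_RE = /^[0-9a-f]{40}$/;
const EXACT_VERSION_RE = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

/** Resolve --only ids. An empty filter is an error unless --all was passed explicitly. */
function selectSkills(catalog: SkillEntry[], onlyIds: string[], allowAll: boolean): SkillEntry[] {
  if (onlyIds.length === 0) {
    if (!allowAll) throw new Error('no --only filter given; pass --all to install every cataloged skill');
    return catalog;
  }
  const byId = new Map(catalog.map((s) => [s.id, s] as const));
  const unknown = onlyIds.filter((id) => !byId.has(id));
  // A typo must fail loudly, not silently widen the selection.
  if (unknown.length > 0) throw new Error(`unknown skill id(s): ${unknown.join(', ')}`);
  return [...new Set(onlyIds)].map((id) => byId.get(id)!);
}

/** Commands for one skill from a pinned source. Unpinned catalog entries are rejected. */
function planFetch(skill: SkillEntry, source: SourceMode, targetDir: string, install: boolean): FetchPlan {
  const commands: string[][] = [];
  if (source === 'npm') {
    if (!skill.npm) throw new Error(`${skill.id}: no npm source in catalog`);
    if (!EXACT_VERSION_RE.test(skill.npm.version)) {
      throw new Error(`${skill.id}: npm version must be exact, got ${skill.npm.version}`);
    }
    commands.push(['npm', 'pack', `${skill.npm.name}@${skill.npm.version}`, '--pack-destination', targetDir]);
  } else {
    if (!skill.github) throw new Error(`${skill.id}: no GitHub source in catalog`);
    if (!COMMIT_RE.test(skill.github.commit)) {
      throw new Error(`${skill.id}: GitHub source must pin a full commit SHA, got ${skill.github.commit}`);
    }
    // Fetch exactly the pinned commit. `git clone --depth 1 <url>` would take whatever HEAD is today.
    commands.push(['git', 'init', targetDir]);
    commands.push(['git', '-C', targetDir, 'fetch', '--depth', '1', skill.github.https, skill.github.commit]);
    commands.push(['git', '-C', targetDir, 'checkout', '--detach', 'FETCH_HEAD']);
  }
  if (install) commands.push(['bun', 'install']);   // only when the caller opts in after review
  return { id: skill.id, commands };
}

/** Whole-run plan: selection, per-skill pinned fetch, and a warning per fund-moving skill. */
function planBootstrap(
  catalog: SkillEntry[], onlyIds: string[], source: SourceMode,
  opts: { rootDir: string; allowAll?: boolean; install?: boolean },
): BootstrapPlan {
  const skills = selectSkills(catalog, onlyIds, opts.allowAll ?? false);
  const warnings = skills
    .filter((s) => SENSITIVE.has(s.category))
    .map((s) => `${s.id} (${s.category}) can sign or move funds; review it before running setup`);
  const plans = skills.map((s) => planFetch(s, source, `${opts.rootDir}/${s.id}`, opts.install ?? false));
  return { plans, warnings };
}

/** Check a downloaded npm tarball against the catalog's SRI string before tar extracts it. */
function verifyIntegrity(tarball: Buffer, integrity: string): boolean {
  const dash = integrity.indexOf('-');
  if (dash < 0 || integrity.slice(0, dash) !== 'sha512') return false;
  const actual = createHash('sha512').update(tarball).digest('base64');
  return actual === integrity.slice(dash + 1);
}
```

The plan is data, not side effects: a reviewer can print it, see that a wallet skill is about to be fetched from a specific commit with no install step, and only then hand the argv lists to the runner. The integrity check belongs between `npm pack` and `tar -xzf`, so a tarball that does not match what was reviewed is never unpacked into the workspace.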
