Ai Bounty Claim
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for claiming a tDVV AI bounty, but it should be used carefully because it relies on local wallet signer authority and external Portkey skill dependencies.
Install only if you trust the Portkey dependency skills and understand that the agent may use local wallet signer authority after your confirmation. Verify contract addresses, signer, caHash or EOA address, reward receiver, and gas notes before approving any transaction, and never expose private keys in chat.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After confirmation, the agent may submit a blockchain transaction that affects the user's wallet or claim status.
This documents an on-chain write action through a helper. It is purpose-aligned and gated on explicit confirmation, but it can spend gas and finalize a claim.
Only after explicit confirmation, prefer `managerForwardCallWithKey(...)` to send the forwarded AA/CA claim through `ManagerForwardCall`.
Before confirming, verify the signer, caHash, contract address, method chain, reward receiver, and expected gas behavior.
If the signer or private key is exposed or misused, the user's wallet/account authority could be affected.
The example uses a wallet private key from the environment for a manager signer. This is expected for a wallet transaction workflow, but private keys and signer authority are high-impact credentials.
const privateKey = process.env.PRIVATE_KEY!;
Do not paste private keys into chat, use only trusted local wallet tooling, keep environment variables secure, and confirm transactions only after reviewing the write summary.
The actual wallet-handling behavior may depend on external skill code or instructions outside this review context.
The skill explicitly relies on external dependency skills by URL, but the supplied artifacts do not pin versions or include those dependency contents for review.
Portkey EOA skill: `https://github.com/Portkey-Wallet/eoa-agent-skills` ... Portkey CA skill: `https://github.com/Portkey-Wallet/ca-agent-skills`
Use trusted, reviewed, preferably pinned versions of the Portkey dependency skills before allowing wallet operations.