Skill v1.0.0

ClawScan security

Kelp Forest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:32 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime instructions clearly require a wallet private key and will perform on-chain transfers/approvals, but the registry metadata doesn't declare any required credentials or a source/homepage — this mismatch and the use of large token approvals are concerning.
Guidance
This skill contains runnable scripts that require your wallet private key and will approve/deposit tokens on the Base network. Before using it:

1. Do not paste or export your main/private wallet key into an untrusted environment; prefer an ephemeral wallet or a hardware wallet.
2. Verify the smart contract addresses and inspect the contract code on a block explorer (ensure the FOREST contract is audited/trusted).
3. Never approve unlimited allowances; change the approve amount to a minimal needed value and/or revoke allowances after use.
4. Require the publisher to add metadata: declare WALLET_KEY as a required env var, provide source code repository and homepage, and explain why large approvals are necessary.
5. Test on a testnet or with a small amount first.
6. If the agent platform would run skills autonomously, avoid supplying long-lived private keys to the platform.

These inconsistencies (missing required-env declaration, no source/homepage, and risky default approvals) are why I rate the skill as suspicious; additional publisher/source information and metadata fixes would increase confidence.

Review Dimensions

Purpose & Capability
note: The SKILL.md implements an on-chain yield-farming agent for the Base network (registering an agent, approving MOLT, depositing, harvesting, keeper loop). That functionality matches the implied name, but the package metadata provides no description, no source/homepage, and does not declare the sensitive credential (WALLET_KEY) the instructions require.
Instruction Scope
concern: Instructions explicitly require a private key via WALLET_KEY, call contract methods that can move funds (approve, deposit, withdraw), and recommend approving a very large allowance (parseUnits('999999999',18)). Approving unlimited allowances and running deposit/withdraw operations are expected for such an agent but are high-risk actions and should be clearly surfaced in metadata and documentation; the skill does not.
Install Mechanism
ok: This is instruction-only (no install spec or code files). It asks users to run 'npm install ethers' and run the provided node scripts, which is expected and low-risk from an installer perspective because no arbitrary remote downloads or extract steps are specified.
Credentials
concern: The runtime requires a wallet private key (WALLET_KEY) and a funded wallet, but the registry lists no required env vars or primary credential. Requesting a high-privilege secret (private key) is proportionate to the task only if documented; omission from metadata is an incoherence and a security concern. The instructions also suggest very large token approvals, which are disproportionate unless justified.
Persistence & Privilege
note: The skill does not request always:true or any platform-level persistence and is instruction-only. However, if an agent or platform were given a private key and allowed autonomous invocation, the combination would enable automated transfers; users should be aware of the risk of giving any agent private key access.