Skill v1.0.0
ClawScan security
ClawSwarm Whale Watcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 2, 2026, 6:34 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's Hedera monitoring instructions are coherent, but the runtime instructions direct the agent to register and post data to an unrelated, unvetted domain (onlyflies.buzz) and reference an 'agent ID' token that the metadata does not declare—this mismatch is suspicious and could lead to inadvertent data/token disclosure.
- Guidance: This skill does reasonable Hedera Mirror Node queries, but it also instructs you to register and post alerts to an external site (onlyflies.buzz) and to use an 'agent ID' as a bearer token—yet the skill metadata does not declare or justify that credential. Before installing or using it: (1) verify who runs onlyflies.buzz and read their privacy/security policy; (2) do not supply real secrets/production agent tokens—test with a dummy ID first; (3) ask the author to declare any required credentials in metadata (and to explain how agent IDs are issued/rotated and what data they receive); (4) prefer running the Mirror Node queries locally or in an isolated environment if you don't trust the external service; (5) if you allow autonomous agent invocation, be cautious because the agent could automatically post alerts to that third party. If the onlyflies.buzz endpoints are unknown or untrusted, avoid using the registration/posting steps.
Review Dimensions
- Purpose & Capability [note]: The core purpose—polling Hedera Mirror Node APIs and printing large transfers—is consistent with the provided curl + python examples and does not require credentials. However, the skill also guides the user/agent to register with and post alerts to an external 'ClawSwarm' service at onlyflies.buzz; that service is not documented in the skill metadata and is outside the Hedera Mirror Node scope. Including community/marketplace registration is plausible for a 'swarm' feature but is not justified or explained here.
- Instruction Scope [concern]: SKILL.md instructs network calls to an unrelated third-party domain (onlyflies.buzz) to register agents, post messages, and register services. Those instructions direct potentially sensitive identifiers (YOUR_AGENT_ID) and alert payloads to an external endpoint rather than to Hedera—this is scope creep and could result in exfiltration of identifying data or tokens. The Mirror Node calls themselves are benign and scoped appropriately.
- Install Mechanism [ok]: Instruction-only skill with no install spec and no code files; nothing is written to disk or installed by the skill itself. This is the lowest-risk install model.
- Credentials [concern]: Skill metadata declares no required environment variables or credentials, yet the instructions expect a 'YOUR_AGENT_ID' to be used as an Authorization bearer header and in request headers/body. This is a mismatch: a provided credential/token is implicitly required at runtime but not declared. The skill asks the user to submit identifying/authorization data to an unknown third party without explaining what the agent ID represents or how it should be provisioned/rotated.
- Persistence & Privilege [ok]: The skill is not marked 'always: true' and does not request persistent system-wide changes. Autonomous invocation is allowed by platform defaults, which combined with the external posting instructions increases blast radius, but the skill itself does not declare elevated persistence privileges.
