ClawdVine

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.prompt_injection_instructions

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern

ASI03: Identity and Privilege Abuse

What this means

If a main wallet private key is used, the agent or script has authority to sign paid requests from that wallet; compromise or mistaken use could cost funds.

Why it was flagged

The generation helper expects a raw EVM private key for a wallet holding USDC. This is high-impact financial authority, and the registry metadata says there are no required env vars or primary credential.

Skill content

Required env:\n *   EVM_PRIVATE_KEY=0x...  (wallet with USDC on Base)

Recommendation

Use a dedicated low-balance wallet, never provide a main wallet private key, and require the skill to declare wallet/private-key requirements clearly.

Concern

ASI02: Tool Misuse and Exploitation

What this means

A mistaken prompt, model choice, retry loop, or autonomous invocation could spend USDC without the user seeing and approving the exact charge first.

Why it was flagged

The helper is explicitly designed to make an automatic x402 payment for video generation, but the artifact does not show a local maximum spend, price confirmation, or approval gate before payment.

Skill content

x402-generate.mjs — Generate a video with automatic x402 payment + polling

Recommendation

Require explicit user approval for each paid request, show the exact x402 charge before signing, and enforce a local per-request and daily spending limit.

Note

ASI06: Memory and Context Poisoning

What this means

Future generations may be tied to the same public agent identity, portfolio, stats, and reputation.

Why it was flagged

The skill asks the agent to persist an agentId. This is purpose-aligned for attribution and credits, but it creates persistent identity linkage across future video requests.

Skill content

SAVE THE RETURNED agentId TO YOUR MEMORY — you need it for all future requests

Recommendation

Only persist the agentId with user consent, make it easy to inspect or delete, and avoid storing it in shared memory if anonymous generation is desired.

Findings (3)

critical

suspicious.env_credential_access

Location: scripts/check-balance.mjs:22
Finding: Environment variable access combined with network send.

critical

suspicious.env_credential_access

Location: scripts/x402-generate.mjs:29
Finding: Environment variable access combined with network send.

warn

suspicious.prompt_injection_instructions

Location: SKILL.md:1569
Finding: Prompt-injection style instruction pattern detected.