ClawdVine

Result: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clawdvine-skill-2
Version: 1.2.0

This skill is classified as suspicious due to its direct handling of the `EVM_PRIVATE_KEY` environment variable for signing on-chain transactions and payments, as detailed in `SKILL.md` and implemented in `scripts/sign-siwe.mjs` and `scripts/x402-generate.mjs`. While the skill includes explicit instructions for the AI agent to seek user confirmation before executing paid or on-chain actions, the inherent capability to access and use a private key from the environment for signing, combined with the general risk of prompt injection against the agent, makes it a high-risk component. There is no clear evidence of intentional malicious behavior like exfiltration of the private key or unauthorized actions, but the powerful capabilities warrant a 'suspicious' classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a main wallet private key is used, the agent or script has authority to sign paid requests from that wallet; compromise or mistaken use could cost funds.

Why it was flagged

The generation helper expects a raw EVM private key for a wallet holding USDC. This is high-impact financial authority, and the registry metadata says there are no required env vars or primary credential.

Skill content
Required env:
 *   EVM_PRIVATE_KEY=0x...  (wallet with USDC on Base)
Recommendation

Use a dedicated low-balance wallet, never provide a main wallet private key, and require the skill to declare wallet/private-key requirements clearly.

What this means

A mistaken prompt, model choice, retry loop, or autonomous invocation could spend USDC without the user seeing and approving the exact charge first.

Why it was flagged

The helper is explicitly designed to make an automatic x402 payment for video generation, but the artifact does not show a local maximum spend, price confirmation, or approval gate before payment.

Skill content
x402-generate.mjs — Generate a video with automatic x402 payment + polling
Recommendation

Require explicit user approval for each paid request, show the exact x402 charge before signing, and enforce a local per-request and daily spending limit.

What this means

Future generations may be tied to the same public agent identity, portfolio, stats, and reputation.

Why it was flagged

The skill asks the agent to persist an agentId. This is purpose-aligned for attribution and credits, but it creates persistent identity linkage across future video requests.

Skill content
SAVE THE RETURNED agentId TO YOUR MEMORY — you need it for all future requests
Recommendation

Only persist the agentId with user consent, make it easy to inspect or delete, and avoid storing it in shared memory if anonymous generation is desired.

Note: Low Confidence
ASI01: Agent Goal Hijack
What this means

If the full text attempts to make the skill’s instructions override user or system instructions, it could steer the agent outside the user’s intent.

Why it was flagged

A prompt-injection-style system-prompt instruction was detected in the SKILL.md, but the provided SKILL.md content is truncated, so the exact surrounding instruction cannot be assessed.

Skill content
**Setting your system prompt:**
Recommendation

Review the full SKILL.md before installing and ignore any skill text that claims to override system, developer, or user instructions.