Inflynce Campaign

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If PRIVATE_KEY is available to the agent or is passed on the command line, the skill can spend 0.25 USDC plus gas, and the key itself can be exposed through the agent environment, process listings, or shell history.

Why it was flagged

The script accepts a raw wallet private key and uses it to sign a USDC transfer on Base. This is purpose-related, but it gives the skill high-impact wallet authority.

Skill content
const privateKey = params.private_key || process.env.PRIVATE_KEY; ... const account = privateKeyToAccount(...); ... functionName: 'transfer'
Recommendation

Prefer manual wallet payment through the Inflynce site. If using the script, use a dedicated low-balance wallet, avoid passing private keys as command-line arguments, and remove the key from the environment after use.
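The key-loading pattern above, reproduced beside a hardened loader that applies the recommendation. This is an added example, not code from the skill or from the Inflynce project; the function names (loadSigningKeyUnsafe, loadSigningKey), the KEY_ENV constant and the argv scan are assumptions. It uses no dependency so it runs stand-alone; the returned key is what a caller would hand to a signer such as viem's privateKeyToAccount.

```javascript
// Added example, not the skill's own code. Names below are assumptions.
const KEY_ENV = 'PRIVATE_KEY';
const HEX_KEY = /^0x[0-9a-fA-F]{64}$/; // 32-byte secp256k1 private key, 0x-prefixed

// The flagged pattern: a parameter (which may come from the command line)
// or the ambient environment both supply the key, and nothing scrubs it.
function loadSigningKeyUnsafe(params, env) {
  return params.private_key || env[KEY_ENV];
}

// Hardened loader:
//  - refuses a key supplied as a parameter (it would land in shell history
//    and process listings), the environment is the only accepted source
//  - validates the shape before anything tries to sign with it
//  - deletes the key from env immediately so later code and child processes
//    cannot read it (one use per process)
//  - aborts if the same key is also visible in argv, i.e. it was already
//    leaked to the command line and should be rotated
function loadSigningKey(params, env, argv = []) {
  if (params.private_key !== undefined) {
    throw new Error(`refusing private key from parameters; set ${KEY_ENV} in the environment instead`);
  }
  const key = env[KEY_ENV];
  if (!key) throw new Error(`${KEY_ENV} is not set`);
  delete env[KEY_ENV]; // scrub right after the single read
  if (!HEX_KEY.test(key)) {
    throw new Error(`${KEY_ENV} is not a 0x-prefixed 32-byte hex string`);
  }
  if (argv.some((arg) => arg.includes(key))) {
    throw new Error('private key appeared on the command line; rotate it');
  }
  return key;
}

// Typical call site in a Node script (constructed usage):
//   const key = loadSigningKey(params, process.env, process.argv);
```

Pair this with a dedicated wallet funded only for the fee: the loader limits how the key is handled, it does not limit what a compromised key can spend.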

What this means

A mistaken or autonomous run could create a persistent spending allowance: until it is revoked, the approved contract may later spend funds up to the approved amount without any further action by the wallet owner.

Why it was flagged

top_up.js immediately creates a USDC allowance for the Boosts contract, defaults to 50 USDC, enforces only a minimum amount, and has no confirmation or revocation guidance in the code path.

Skill content
const amountStr = params.amount || '50'; ... functionName: 'approve', args: [BOOSTS_CONTRACT, parseUnits(amount.toFixed(6), 6)]
Recommendation

Require explicit user confirmation for every approval, remove the default amount, show the spender address and amount clearly, cap allowances, and document how to revoke the approval.
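The approve pattern above, reproduced beside a guarded version that implements the recommendation (mandatory amount, cap, explicit confirmation, and a revocation helper). This is an added example, not code from the skill or from the Inflynce project; the function names (buildApprovalUnsafe, buildApproval, buildRevocation), the confirm callback and the cap value are assumptions, and toBaseUnits is a small stand-in for viem's parseUnits so the block runs without dependencies.

```javascript
// Added example, not the skill's own code. Names below are assumptions.
const USDC_DECIMALS = 6;

// Stand-in for parseUnits: decimal string -> BigInt base units.
// Refuses more fractional digits than the token has instead of rounding.
function toBaseUnits(amountStr, decimals = USDC_DECIMALS) {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(String(amountStr).trim());
  if (!m) throw new Error(`invalid amount: ${amountStr}`);
  const [, whole, frac = ''] = m;
  if (frac.length > decimals) throw new Error(`more than ${decimals} decimal places: ${amountStr}`);
  return BigInt(whole) * 10n ** BigInt(decimals) + BigInt(frac.padEnd(decimals, '0') || '0');
}

// Base units -> decimal string, used to show the user exactly what is approved.
function formatUnits(units, decimals = USDC_DECIMALS) {
  const s = units.toString().padStart(decimals + 1, '0');
  return `${s.slice(0, -decimals)}.${s.slice(-decimals)}`;
}

// The flagged pattern: silent default of 50 USDC, only a minimum check,
// no confirmation, nothing bounds the allowance from above.
function buildApprovalUnsafe(params, spender, minAmount = 1) {
  const amount = Number(params.amount || '50');
  if (amount < minAmount) throw new Error('amount below minimum');
  return { functionName: 'approve', args: [spender, toBaseUnits(amount.toFixed(6))] };
}

// Guarded version: the amount must be supplied, must not exceed maxAllowance,
// and the call is only built after confirm() has been shown the exact
// spender and amount and returned true.
function buildApproval({ amount, spender, maxAllowance, confirm }) {
  if (amount === undefined) throw new Error('amount is required; there is no default allowance');
  if (!/^0x[0-9a-fA-F]{40}$/.test(spender)) throw new Error('spender is not a 20-byte address');
  const units = toBaseUnits(amount);
  const cap = toBaseUnits(maxAllowance);
  if (units > cap) {
    throw new Error(`allowance ${formatUnits(units)} USDC exceeds cap ${formatUnits(cap)} USDC`);
  }
  const summary = `Approve ${spender} to spend up to ${formatUnits(units)} USDC`;
  if (confirm(summary) !== true) throw new Error('approval not confirmed by user');
  return { functionName: 'approve', args: [spender, units], summary };
}

// Revocation is an approve(spender, 0) on the same token; document this
// next to the top-up instructions so the allowance does not outlive its use.
function buildRevocation(spender) {
  return { functionName: 'approve', args: [spender, 0n] };
}
```

The summary string is what the agent must display before calling confirm; a confirmation prompt that does not show the spender address and amount is no confirmation at all.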

What this means

Installing the skill requires third-party npm packages before the scripts can run.

Why it was flagged

The skill is described as having no install spec, but its instructions require installing Node dependencies. The package-lock makes this reviewable, but users should notice the external dependency install.

Skill content
Install dependencies: Run `npm install` once before using any script.
Recommendation

Review package.json and package-lock.json before installing, and the registry metadata should declare the npm install step so users are not surprised by an external dependency install.
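A lockfile review of the kind the recommendation asks for, as an added example that is not part of the skill or the Inflynce project. The embedded LOCKFILE is a constructed package-lock.json (v3 shape, with made-up package names), the function name reviewLockfile and the TRUSTED_REGISTRY prefix are assumptions, and the field names it reads (packages, resolved, integrity, hasInstallScript, link) are the ones npm writes into lockfile versions 2 and 3.

```javascript
// Added example, not the skill's own code. LOCKFILE is constructed data.
const LOCKFILE = {
  name: 'example-skill',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-skill', dependencies: { 'lib-a': '^1.0.0', 'lib-b': '^2.0.0' } },
    'node_modules/lib-a': {
      version: '1.2.3',
      resolved: 'https://registry.npmjs.org/lib-a/-/lib-a-1.2.3.tgz',
      integrity: 'sha512-AAAA',
    },
    'node_modules/lib-b': {
      version: '2.0.0',
      resolved: 'https://registry.npmjs.org/lib-b/-/lib-b-2.0.0.tgz',
      integrity: 'sha512-BBBB',
      hasInstallScript: true, // has a preinstall/install/postinstall hook
    },
    'node_modules/lib-c': {
      version: '0.1.0',
      resolved: 'git+ssh://git@github.com/someone/lib-c.git#abc123', // not the registry
    },
    'node_modules/lib-d': {
      version: '3.0.0',
      resolved: 'https://registry.npmjs.org/lib-d/-/lib-d-3.0.0.tgz', // no integrity hash
    },
  },
};

const TRUSTED_REGISTRY = 'https://registry.npmjs.org/';

// Walk the "packages" map and report what a reviewer should open before
// running `npm install`: packages with install scripts (they execute code
// during install), packages fetched from outside the registry, and packages
// without an integrity hash (nothing pins the tarball contents).
function reviewLockfile(lock) {
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === '') continue; // the root project itself
    const name = path.replace(/^.*node_modules\//, '');
    if (entry.hasInstallScript) findings.push({ name, issue: 'install-script' });
    if (entry.link) continue; // workspace symlink, no tarball to check
    if (!entry.resolved || !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ name, issue: 'non-registry-source', resolved: entry.resolved });
    }
    if (!entry.integrity) findings.push({ name, issue: 'no-integrity' });
  }
  return findings;
}

// Usage against a real file (constructed call):
//   const lock = JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'));
//   console.table(reviewLockfile(lock));
```

After the review, `npm ci --ignore-scripts` installs exactly what the lockfile pins without running any package's install hooks; run the hooks deliberately only for packages the review has cleared.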

Findings (4)

critical

suspicious.dangerous_exec

Location
test/create_campaign.test.js:16
Finding
Shell command execution detected (child_process).
critical

suspicious.env_credential_access

Location
scripts/create_campaign.js:73
Finding
Environment variable access combined with network send.
critical

suspicious.exposed_secret_literal

Location
scripts/pay_fee.js:36
Finding
File appears to expose a hardcoded API secret or token. This is a static heuristic from the artifact review; confirm against the referenced line before acting on it.
critical

suspicious.exposed_secret_literal

Location
scripts/top_up.js:36
Finding
File appears to expose a hardcoded API secret or token. This is a static heuristic from the artifact review; confirm against the referenced line before acting on it.