Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polygon Agents SDK
v1.0.0 · Complete Polygon agent toolkit. Session-based smart contract wallets (Sequence), token ops (send/swap/bridge/deposit via Trails), ERC-8004 on-chain identity...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name, description, and the CLI commands in SKILL.md consistently describe a Polygon agent toolkit (wallet/session creation, token ops, ERC‑8004 registration). The declared environment variables in the docs (SEQUENCE_PROJECT_ACCESS_KEY, SEQUENCE_INDEXER_ACCESS_KEY, optional Trails keys) are appropriate for the described functionality.
Instruction Scope
The instructions require running a third‑party CLI (npm install -g github:0xPolygon/polygon-agent-kit) that will: create and store private keys, auto-open a Cloudflare Quick Tunnel, save session blobs to /tmp, and insist you transmit full approval URLs to users. Those actions are expected for a session-based wallet flow, but they broaden the agent's runtime surface (network-exposed tunnels, temporary plaintext blobs, local storage of private keys) and could enable attack vectors if the underlying code or downloaded binaries are malicious or tampered with.
Install Mechanism
SKILL.md instructs installation from a GitHub repo via npm (github:0xPolygon/polygon-agent-kit) — a common pattern but still fetches code at install time. More concerning: the CLI auto-downloads a cloudflared binary into ~/.polygon-agent/bin/ on first use. Auto-downloading and executing binaries from the network increases risk unless the source and integrity checks (signatures/checksums) are explicit. The registry metadata itself had no install spec or homepage listed, which reduces traceability.
Credentials
Required environment variables listed in SKILL.md (SEQUENCE_PROJECT_ACCESS_KEY and SEQUENCE_INDEXER_ACCESS_KEY) are directly relevant to wallet/session operations. Optional vars (TRAILS_API_KEY, TRAILS_TOKEN_MAP_JSON, debug flags) also make sense. The skill outputs private keys and asks you to save them, and it stores encrypted material in ~/.polygon-agent/. That is expected, but these are high-sensitivity secrets, and the workflow also involves temporary plaintext blobs in /tmp and URLs that must be copied exactly.
Persistence & Privilege
The skill is instruction-only and does not request always:true or other elevated platform privileges. However, the CLI behavior described will create persistent files under ~/.polygon-agent/ (encrypted storage and a bin folder for cloudflared) and write temporary files under /tmp; it also spawns a network tunnel. Those are normal for a CLI wallet but constitute persistent disk and network state that you should be willing to host on the machine used.
Scan Findings in Context
[no-regex-findings] expected: The scanner found no code files to analyze (the skill is instruction-only). This is expected given the package is not embedded in the registry entry — it directs users to install a GitHub-hosted npm package instead. Absence of findings does not mean the upstream package or auto-downloaded binaries are safe.
What to consider before installing
This skill appears to implement what it claims, but it performs sensitive operations (generates/saves private keys, auto-downloads/executes cloudflared, exposes a public tunnel and temporary blobs). Before installing or running it:
1) Verify the upstream repo (https://github.com/0xPolygon/polygon-agent-kit) is authentic and review its code, especially any cloudflared download logic and where binaries are fetched from.
2) Prefer installing and running in an isolated environment (VM/container) rather than a primary machine.
3) Do not paste or share private keys or session blobs publicly; treat SEQUENCE_* keys as secrets.
4) If you must use it on a workstation, verify any downloaded binary checksums/signatures and consider using your own Cloudflare/connector setup instead of the auto-tunnel.
5) If you are not comfortable auditing the code, ask for a signed release or a package from a verifiable publisher before proceeding.
Like a lobster shell, security has layers — review code before you run it.
