Skill v1.0.2

ClawScan security

Bluepages · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 10:16 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's purpose (wallet ↔ social handle lookups) matches its behavior, but there are notable inconsistencies and sensitive requirements — notably an unclear env-var requirement (both vs. one-of), and it runs remote node code via npx and may ask for an Ethereum private key — these merit caution.
Guidance
Before installing:
1) Clarify the env-var discrepancy — confirm whether the skill requires BOTH BLUEPAGES_API_KEY and PRIVATE_KEY or just one of them (SKILL.md says one of).
2) Prefer using BLUEPAGES_API_KEY (less sensitive); avoid giving your main Ethereum private key. If you must provide a PRIVATE_KEY, use a dedicated, minimally funded wallet and rotate it after use.
3) Because the install runs remote code via npx (github:bluepagesdoteth/bluepages-mcp), review the GitHub repo and its code (or run it in an isolated sandbox/container) before executing.
4) Be aware of per-request costs and rate limits described in the doc.
5) If you want stronger guarantees, ask the publisher for a signed release or a packaged artifact you can inspect, and consider restricting the skill's use (do not grant it broad autonomous actions) until you're comfortable.

Review Dimensions

Purpose & Capability
note: The skill claims to map wallet addresses to Twitter/Farcaster identities and all runtime instructions and API endpoints align with that purpose. However, the registry metadata lists both BLUEPAGES_API_KEY and PRIVATE_KEY as required env vars, while SKILL.md explicitly says you need one of them (API key recommended, private key optional for x402 payments). This inconsistency is unexpected and should be clarified.
Instruction Scope
note: SKILL.md restricts operations to calling bluepages.fyi (or running the bluepages MCP via npx) and describes the expected request/credit flow. It does not instruct reading unrelated local files or contacting other endpoints. However, it does instruct use of a PRIVATE_KEY for x402 payments — handling a private key is sensitive and expands the risk profile (signing payment requests). The doc warns not to use a main wallet key, which is good guidance but does not eliminate the sensitivity.
Install Mechanism
concern: Installation is via a node package hosted on GitHub and the SKILL.md recommends running it with npx (npx -y github:bluepagesdoteth/bluepages-mcp). While GitHub is a common host, npx will fetch and execute remote code at runtime, which increases risk compared to instruction-only skills. This is proportionate for a client/server tool, but users should audit the repository or run the package in a sandbox before trusting it.
Credentials
concern: Requesting an API key (BLUEPAGES_API_KEY) is proportionate to the service. Requesting a PRIVATE_KEY (Ethereum private key) is explainable for on-chain x402 payments, but it is highly sensitive and should be optional. The registry metadata's requirement of both env vars is inconsistent with the SKILL.md's 'one of' statement and is a red flag — the skill should not demand unrelated credentials. Prefer an API key; if a private key is provided, restrict funds and use a throwaway agent wallet as recommended.
Persistence & Privilege
ok: The skill does not request always: true, does not declare any special config paths, and relies on normal agent invocation. It does not request system-wide privileges or to modify other skills' configs. Default autonomous invocation is enabled (platform default) but is not combined with other excessive privileges here.