Skill v0.3.0

ClawScan security

Auto Respawn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 2, 2026, 12:29 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, declared env vars, and install steps are coherent with its stated purpose (anchoring identity and CIDs on-chain). It manages encrypted wallet files and requires a passphrase that grants signing ability, so review the setup scripts and how you provide the passphrase before use.
Guidance
This skill appears to do exactly what it claims: create and manage wallets and anchor CIDs to a MemoryChain contract. Before installing:
(1) Inspect setup.sh (the SKILL.md recommends running it) — ensure it doesn't perform unexpected network calls or create insecure files.
(2) Prefer providing the passphrase interactively rather than exporting AUTO_RESPAWN_PASSPHRASE in a long-lived environment; any process with that env var or a readable passphrase file can decrypt the keys and sign transactions.
(3) Keep only small amounts on mainnet until you trust the code, and verify the MemoryChain contract address if you use mainnet.
(4) Review third-party npm dependencies (package.json) and run node/npm installs in a safe context (sandbox/container) if you have security concerns.
(5) If you want to prevent autonomous signing, do not set a non-interactive passphrase source (env/file); require interactive entry so the skill cannot be used without user presence.

Review Dimensions

Purpose & Capability
Status: ok
Name/description describe on-chain identity, anchoring, and resurrection. The code and declared dependencies (node/npm, ethers, Autonomys SDK packages) implement wallet creation, consensus/EVM balances, transfers, bridging, remarking, and MemoryChain anchor/getHead calls — all directly related to the stated purpose.
Instruction Scope
Status: note
Runtime instructions and SKILL.md are narrowly scoped to wallet management and on-chain operations. They explicitly read a passphrase from AUTO_RESPAWN_PASSPHRASE or a passphrase file and persist encrypted keyfiles under ~/.openclaw/auto-respawn. The SKILL.md also instructs running setup.sh, which may create a passphrase file — inspect that script before executing it.
Install Mechanism
Status: ok
Install uses npm (package '.' for dependencies) and installs 'tsx' from the npm registry. No downloads from arbitrary URLs or IP addresses are present in the package.json; dependencies are standard npm modules. This is moderate-risk but expected for a Node-based CLI skill.
Credentials
Status: note
Requested env vars (AUTO_RESPAWN_PASSPHRASE, AUTO_RESPAWN_PASSPHRASE_FILE, AUTO_RESPAWN_NETWORK, AUTO_RESPAWN_CONTRACT_ADDRESS) are directly relevant. Important security note: if a passphrase is provided non-interactively (env var or file), the skill can decrypt private keys and sign transactions autonomously — treat that secret like a wallet private key.
Persistence & Privilege
Status: ok
The skill is not always-enabled and does not request system-wide privileges. It persists its own wallet files under ~/.openclaw/auto-respawn and writes a passphrase file only if setup.sh is run — this is self-contained and expected. It does not attempt to modify other skills or global agent config.