Skill v2.1.0

ClawScan security

0xWork · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 5:14 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions broadly match a 0xWork marketplace CLI, but there are important provenance and credential-handling inconsistencies you should understand before installing or running it.
Guidance
Do not run '0xwork init' or any 0xwork CLI commands until you verify the CLI binary source. The SKILL.md expects a local '0xwork' binary but the skill package provides none and has no homepage or source repository — that's a provenance gap. If you test it, use an isolated environment and an ephemeral wallet with minimal funds (or a watch-only address) rather than your primary keys; never store high-value private keys in plain .env files on shared systems. Ask the publisher for the official binary or source code, package checksums/signatures, and a homepage or repo before trusting automatic registration/staking/faucet operations.

Review Dimensions

Purpose & Capability
Concern: SKILL.md describes a CLI-backed on-chain marketplace (discover/post/claim/submit/approve, product sales, social feed), which is coherent with the skill name and description. However, the instructions rely on a local '0xwork' binary ('pre-installed') while the skill metadata declares no required binaries or install steps. The skill also has no homepage or source URL (owner id only), so the provenance of the CLI is unknown.
Instruction Scope
Concern: Runtime instructions tell the agent to generate a wallet, run '0xwork init', and save PRIVATE_KEY and WALLET_ADDRESS to a local .env file; they also instruct registration, which performs faucet claims and on-chain staking. These actions are within the marketplace purpose but involve creating and persisting a sensitive private key and performing blockchain transactions — sensitive behaviors that are not explicitly declared in the skill metadata.
Install Mechanism
Note: This is an instruction-only skill with no install spec (low disk-write risk from the skill itself). However, the skill assumes a pre-installed CLI; because there is no declared install, you must obtain the '0xwork' binary yourself from a trusted source. The lack of an official homepage/source makes that provenance unclear.
Credentials
Concern: The skill metadata declares no required env vars or primary credential, yet the instructions create and store a PRIVATE_KEY in .env and expect to use it for signing/staking. Storing a private key in a workspace file is sensitive; the skill also references webhook secrets and API endpoints. This sensitive credential handling is out of proportion to the declared credential requirements (none) and the missing provenance information.
Persistence & Privilege
Note: The skill does not request always:true and does not modify other skills. It does instruct the creation of a persistent .env file containing PRIVATE_KEY and WALLET_ADDRESS, which is normal for a CLI wallet but increases local attack surface and should be considered when deciding where and when to run it.