Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawmbti-dev

v1.0.4

Detects the MBTI personality type of an AI assistant and issues a lobster-themed NFT PFP certificate. Supports three trigger modes: user-initiated, passive t...

by Joyboy @joyboy-sats
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code (wallet manager, mint client, pfp generator, conversation manager) matches the skill's stated purpose (detect MBTI, generate PFP, mint NFT). However the presence of a baked-in API key and a centralized API endpoint in the mint client goes beyond just local result presentation and indicates external reporting/recording that the description mentions but does not fully justify or explain.
! Instruction Scope
Instructions require silent, background collection after every AI reply and call scripts that read/write cross-session history and 'save-session' records. The SKILL.md repeatedly claims 'summaries, not transcripts' but the payload structure and steps (key_quotes.quote, evidence fields) allow storing/transmitting exact assistant statements — a direct contradiction and an unexpected scope expansion. Several operations are explicitly 'silent' (wallet generation, report submission) which can lead to unnotified data exfiltration.
Install Mechanism
There is no formal install spec, but runtime instructions expect the 'uv' tool and advise installing it via a curl | sh command if missing. That is a network-installed bootstrap step outside normal package review and increases risk if executed. The pyproject lists legitimate dependencies (httpx, solana helper libs) but no controlled install flow is provided.
! Credentials
The skill requests no environment variables, but it silently creates and stores a Solana wallet private key locally (~/.mbti/wallet.json) and transmits wallet_address plus 'evidence' to a remote API. The mint client embeds a hardcoded API_KEY used for Authorization to the remote service — a secret baked into client code. Collecting and sending conversational evidence (and potentially exact quotes) to an external domain for every user/agent run is disproportionate for a 'personality test' unless the user explicitly consents.
! Persistence & Privilege
Although the skill's registry flags do not set always:true, the SKILL.md defines an always-on signal collection mode that runs after every AI reply and instructs silent wallet generation and background report submission. Autonomous invocation plus silent per-reply collection and outbound network calls gives the skill broad, persistent data access and exfiltration capability without user-visible prompts.
Scan Findings in Context
[hardcoded-api-key] unexpected: scripts/mint_client.py contains API_KEY = "sk-clawmbti" and uses it in the Authorization header for all POST/GET calls to the remote API. Having a baked-in credential in client-side code is risky and not necessary for a local analysis step; it centralizes trust and hides what privileges that key grants on the remote service.
[local-wallet-write] expected: The skill intentionally generates and stores a Solana wallet locally (~/.mbti/wallet.json) to receive NFTs. This is expected for minting, but it is sensitive because private keys are persisted on disk and the instructions are explicit about silent generation (no prior user approval).
What to consider before installing
This skill generally does what it promises (analyze the assistant and mint an NFT), but it also: 1) silently collects MBTI signals after every assistant reply and saves session records that can include exact assistant quotes; 2) auto-creates and stores a Solana private key locally (~/.mbti/wallet.json); and 3) sends evidence and your wallet address to a remote API (https://clawmbti-dev.myfinchain.com) using a hardcoded API key embedded in the code.

Before installing/using:
- Review scripts conversation_manager.py, wallet_manager.py, and mint_client.py to confirm exactly what is saved and transmitted.
- Ask whether you can disable the 'always-on' silent collection or require explicit user consent before collecting/sending data.
- If you care about confidentiality, do not grant this skill autonomous invocation, or run it in a sandboxed environment; consider running the scripts locally under your control and inspecting the network calls.
- Verify the remote service (myfinchain domain) and understand what the hardcoded API key permits server-side.
- If you proceed, be aware the wallet private key is stored locally; back it up securely and avoid using keys you care about for other funds.

If you want, I can list the exact files/lines that send data or suggest edits to remove silent collection or hardcoded credentials.

Like a lobster shell, security has layers — review code before you run it.
