Skill v1.0.0

ClawScan security

Unzipped Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and claims are inconsistent with what it actually ships: it asks the user to fund a wallet and saves private keys to disk in plaintext, yet the bundle contains no code, its registry metadata disagrees with the embedded _meta.json, and the environment and installation details do not line up. Verify the source and the code before using it.
Guidance
Do not run this skill, and do not give it private keys or funds, until you have verified its source and code. Specific checks:
(1) Confirm the skill is actually published by the Farcaster team (matching owner ID, slug, or an official homepage); the manifest and the embedded _meta.json currently disagree.
(2) Ask for the full source repository; do not install or run scripts that are not included in the skill bundle.
(3) Never send funds to an address unless you control its private key; if the skill generates a wallet, make sure you, not the skill or an unknown third party, hold that key.
(4) Disable auto-save (or pass --no-save) and, if you must test, keep keys in a secure vault or hardware wallet rather than a plaintext file.
(5) Inspect src/auto-setup.js, src/credentials.js, and every npm dependency before running npm install.
If you cannot validate both the code and the author's identity, treat this skill as untrusted.

Review Dimensions

Purpose & Capability
Concern: The skill claims to be an 'Official' Farcaster agent, and its stated purpose (create accounts, add signers, post casts) is consistent with requiring node/npm. However, the package is instruction-only (no runtime code files are included), the registry metadata (owner/slug/version) does not match the embedded _meta.json, and there is no homepage or other authoritative source. The 'official' claim is therefore unverified and potentially misleading.
Instruction Scope
Concern: SKILL.md instructs the agent to generate wallets, ask the human to send about $1 to the generated address, and run scripts that expect PRIVATE_KEY and SIGNER_PRIVATE_KEY environment variables and src/*.js files. It also instructs the agent to save credentials automatically to ~/.openclaw/farcaster-credentials.json or ./credentials.json in plaintext. None of those environment variables or file writes is declared in the skill manifest, and saving private keys in plaintext is explicitly warned against as insecure; for an autonomous skill this is a high-risk operation.
Install Mechanism
Note: The install spec is a shell step, 'cd {baseDir}/.. && npm install'. That is relatively low-risk by itself, but odd: the skill bundle contains no code or package.json, and there is no remote download URL or pinned release. The install step is only meaningful if the agent environment already contains the expected repository layout, which is unclear. This mismatch makes the skill's behavior unpredictable.
Credentials
Concern: The manifest declares no required environment variables or credentials, yet the runtime instructions require PRIVATE_KEY, SIGNER_PRIVATE_KEY, and FID (used to sign transactions), and the skill saves and loads private keys from disk by default. Requesting and persisting private keys, and asking the user to fund an address, is highly sensitive and is not justified by the manifest's declared environment needs.
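The guidance and the review dimensions above reduce to a handful of mechanical checks an agent host can run on an unzipped bundle before anything executes. The following Node script is added here as an illustration; it is not ClawHub's scanner and not the skill's code. It runs those checks against a constructed bundle modelled on this report: manifest versus embedded _meta.json, an 'official' claim with no homepage, scripts referenced but not shipped, an npm install step with no package.json, environment variables the instructions rely on that the manifest does not declare (secret-looking names escalated), credential files named in the instructions, and a request to fund an address. The manifest field names it reads (owner, slug, version, env, homepage, install.shell) are assumptions; ClawHub's real schema may differ.

```javascript
// Added example, not ClawHub's scanner: static consistency checks over an unzipped
// skill bundle, modelled on the findings in this report. The manifest field names
// (owner, slug, version, env, homepage, install.shell) are ASSUMED for illustration.

// Constructed sample bundle (path -> contents) mirroring the report; not the real artifact.
const SAMPLE_BUNDLE = {
  "manifest.json": JSON.stringify({
    owner: "some-user", slug: "farcaster-agent", version: "1.0.0",
    env: [],                                            // nothing declared
    always: false,
    install: { shell: "cd {baseDir}/.. && npm install" },
  }),
  "_meta.json": JSON.stringify({ owner: "other-user", slug: "farcaster-official", version: "0.9.0" }),
  "SKILL.md": [
    "# Official Farcaster agent",
    "Export PRIVATE_KEY, SIGNER_PRIVATE_KEY and FID, then run node src/auto-setup.js;",
    "keys are written by src/credentials.js.",
    "Credentials are saved to ~/.openclaw/farcaster-credentials.json or ./credentials.json",
    "(pass --no-save to skip). Send ~$1 to the generated address before continuing.",
  ].join("\n"),
};

const ENV_TOKEN = /\b[A-Z][A-Z0-9]{2,}(?:_[A-Z0-9]+)*\b/g;      // SCREAMING_CASE names
const SECRET_NAME = /(?:KEY|SECRET|TOKEN|PASSWORD|MNEMONIC)$/;  // names that hold secrets
const CREDENTIAL_FILE = /[~.][\w./-]*credentials[\w.-]*\.json/g;
const REFERENCED_FILE = /\b(?:src|scripts|bin|lib)\/[\w./-]+\.(?:js|mjs|cjs|ts|py|sh)\b/g;
const CODE_EXT = new Set([".js", ".mjs", ".cjs", ".ts", ".py", ".sh"]);
const extOf = (p) => (p.includes(".") ? p.slice(p.lastIndexOf(".")) : "");

function parseJson(bundle, name) {
  if (!(name in bundle)) return null;
  try { return JSON.parse(bundle[name]); } catch { return null; }
}

function reviewBundle(bundle) {
  const findings = [];
  const add = (severity, check, detail) => findings.push({ severity, check, detail });
  const manifest = parseJson(bundle, "manifest.json") || {};
  const meta = parseJson(bundle, "_meta.json");
  const skillMd = bundle["SKILL.md"] || "";

  // 1. Registry manifest and embedded _meta.json must agree on identity fields.
  if (meta) {
    for (const field of ["owner", "slug", "version"]) {
      if (manifest[field] !== meta[field]) {
        add("concern", "metadata-mismatch", `${field}: manifest=${manifest[field]} _meta=${meta[field]}`);
      }
    }
  }
  // 2. An 'official' claim needs an authoritative source to check it against.
  if (/\bofficial\b/i.test(skillMd) && !manifest.homepage) {
    add("concern", "unverified-official-claim", "SKILL.md says 'official' but the manifest has no homepage");
  }
  // 3. Scripts the instructions run must be shipped; an install step needs something to install.
  const codeFiles = Object.keys(bundle).filter((p) => CODE_EXT.has(extOf(p)));
  const referenced = [...new Set(skillMd.match(REFERENCED_FILE) || [])];
  const missing = referenced.filter((f) => !(f in bundle));
  if (missing.length) add("concern", "missing-code", `referenced but not shipped: ${missing.join(", ")}`);
  if (codeFiles.length === 0 && manifest.install) add("note", "instruction-only", "install step present but the bundle ships no code");
  if (/npm install/.test((manifest.install && manifest.install.shell) || "") && !("package.json" in bundle)) {
    add("note", "install-without-package-json", `install runs '${manifest.install.shell}' with no package.json`);
  }
  // 4. Env vars the instructions rely on must be declared; secret-looking names are escalated.
  const declared = new Set(manifest.env || []);
  for (const name of new Set(skillMd.match(ENV_TOKEN) || [])) {
    if (!declared.has(name)) add(SECRET_NAME.test(name) ? "concern" : "note", "undeclared-env", name);
  }
  // 5. Any on-disk credential file named in the instructions is plaintext persistence.
  for (const file of new Set(skillMd.match(CREDENTIAL_FILE) || [])) {
    add("concern", "plaintext-credential-file", file);
  }
  // 6. Asking the human to fund an address the skill generated puts capital at risk.
  if (/\b(?:send|fund)\b[^.\n]*\$\d/i.test(skillMd)) add("concern", "funding-request", "instructions ask the user to send funds");
  return findings;
}

// Any 'concern' is enough to withhold a clean verdict.
function verdict(findings) {
  return findings.some((f) => f.severity === "concern") ? "suspicious" : "ok";
}

const report = reviewBundle(SAMPLE_BUNDLE);
console.log(`verdict: ${verdict(report)}`);
for (const f of report) console.log(`[${f.severity}] ${f.check}: ${f.detail}`);
```

Run it with node against a real unzipped bundle by replacing SAMPLE_BUNDLE with a map built from the directory; the checks are deliberately static, so nothing from the bundle is executed while it is being judged.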
Persistence & Privilege
Concern: The skill persists wallet credentials to ~/.openclaw/farcaster-credentials.json or ./credentials.json by default (auto-save enabled), storing secrets in plaintext. Although 'always' is false, automatic plaintext storage of private keys in well-known locations is a significant persistence risk and should require explicit user consent and a secure storage alternative.