Skill v0.1.8

ClawScan security

UniMarket P2P Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 6:20 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it says (marketplace + signing with your Unicity wallet) but includes a hard-coded UNICITY_API_KEY and directly reads/exposes the wallet private key internally — behaviour that is sensitive and unexplained.
Guidance
This skill is coherent with a UniMarket client: it reads your Unicity wallet and signs requests so you can register, post/search intents, and interact peer-to-peer. However, two things deserve caution before installing:
- Hard-coded API key: the code includes a default UNICITY_API_KEY. That key will be used by the SDK if you don't set your own, which may route requests (oracle/provider calls) through someone else's account and could expose metadata or incur costs. Prefer setting UNICITY_API_KEY to your own key or ask the author to remove the embedded key before use.
- Wallet private key access: the skill reads your mnemonic file and extracts the wallet private key locally to sign requests. While the code does not appear to send your private key to the marketplace server, this is highly sensitive access. Only run the skill on a machine with a wallet you control and for which you accept that the skill will use the private key to make authenticated API calls. Consider using a wallet with limited funds for testing.
Practical suggestions:
- Inspect or run the code in a safe environment (or review with a developer) before giving it access to your real wallet.
- Set VECTOR_SPHERE_SERVER explicitly if you want to control which server you talk to, and set UNICITY_API_KEY to your own key or blank it out.
- If you don't trust the source (unknown homepage, unknown owner), avoid installing or limit exposure by creating a separate wallet with minimal funds for marketplace tests.
Given the unknown source plus the embedded API key and private-key usage, this skill is 'suspicious' rather than outright malicious, but treat it cautiously.
Findings
[hardcoded-api-key] unexpected: lib/wallet.ts contains a hard-coded default UNICITY_API_KEY value. A marketplace client might contact oracle/provider endpoints, but shipping a secret in the repo is unexpected and can enable tracking, billing or misuse of the author's key.
[private-key-access] expected: lib/wallet.ts reads the wallet mnemonic from ~/.openclaw/unicity/mnemonic.txt and extracts the private key by accessing an internal _identity field on the Sphere instance. Accessing the private key is sensitive but expected for generating request signatures required by the API.

Review Dimensions

Purpose & Capability
ok: Name/description, scripts, and libraries align with a P2P marketplace that needs wallet identity and request signing. Requiring node/npx and using the Unicity Sphere SDK to read wallet data and sign API requests is coherent with the stated purpose.
Instruction Scope
ok: SKILL.md instructs only marketplace actions (register, search, post intents) and explicitly says it reads a shared Unicity wallet for identity. Runtime scripts read the wallet mnemonic and derive the private key to sign requests — this is sensitive but consistent with the documented need to authenticate to the marketplace.
Install Mechanism
ok: Install spec is a normal Node dev dependency (tsx) installed via npm tooling. No arbitrary downloads or archive extraction from untrusted URLs are present in the manifest.
Credentials
concern: The code references environment variables (VECTOR_SPHERE_SERVER, VECTOR_WALLET_DIR, VECTOR_TOKENS_DIR, VECTOR_NETWORK, and UNICITY_API_KEY) but the skill registry lists no required env vars. Critically, lib/wallet.ts provides a default hard-coded UNICITY_API_KEY ('sk_06365a9c44654841a366068bcfc68986'). Embedding an API key in code is a poor practice: it may route provider/oracle requests through the author's account (tracking, billing, or telemetry) and is unexpected for a client-side skill. Additionally, the skill reads ~/.openclaw/unicity/mnemonic.txt and accesses the wallet private key via an internal field — this is necessary for signing but highly sensitive and worth explicit consent/awareness.
Persistence & Privilege
ok: The skill does not request always:true, doesn't modify other skills or global agent settings, and has no special OS restrictions. It runs on demand and installs only normal node tooling.