Skillv1.1.2

ClawScan security

Superfluid Protocol · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 14, 2026, 11:28 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The bundle is a coherent Superfluid protocol knowledge base (ABIs, guides, and helper scripts), but it includes executable scripts that can make on‑chain calls while declaring no environment / credential requirements — review the scripts and runtime behavior before running.
Guidance: This skill appears to be a legitimate Superfluid documentation bundle (ABIs, guides, developer notes) but includes executable JS scripts that may perform on‑chain RPC calls. Before installing or executing anything: 1) Inspect the scripts (scripts/*.mjs) for network calls, process.env usage, or hardcoded URLs/keys; search for fetch/axios/https/ethers/providers or direct POSTs to external endpoints. 2) Do not provide private keys or broad RPC credentials to the skill; if you must run scripts, use a read‑only RPC endpoint and an ephemeral account with no funds. 3) Run scripts in a sandboxed environment (container or VM) and with network monitoring to detect unexpected outbound connections. 4) If you want to allow the agent to use the skill, consider disabling autonomous skill invocation (if your platform supports it) until you verify scripts are safe. 5) If you need the knowledge base only, prefer reading the YAML/guides rather than executing the scripts. If you want, I can scan the .mjs files for patterns (process.env use, outbound HTTP, RPC provider creation, or key handling) and point to any exact lines of concern.

Review Dimensions

Purpose & Capability: okThe skill name and description match the included artifacts: rich ABI YAMLs, protocol guides, subgraph notes, and helper scripts. Files (ABI/selectors/guides) are proportionate to a knowledge base aimed at developers and investigators.
Instruction Scope: noteSKILL.md stays on‑topic: it maps use cases to ABI YMLs and points developers to specific guides and scripts (e.g., scripts/balance.mjs, scripts/metadata.mjs, and examples that use 'cast call'). It does suggest running scripts and on‑chain calls but does not instruct the agent to read unrelated system files or exfiltrate data. Because runtime instructions reference executable scripts, you should assume those scripts can perform network/RPC calls and require further review before execution.
Install Mechanism: okThere is no install specification (instruction-only behavior at packaging level). No downloads, package installs, or external installers are declared — this limits the attack surface from packaging/install-time behavior.
Credentials: concernThe package declares no required env vars or credentials, yet it contains multiple .mjs scripts and guidance to run 'cast call' and other on‑chain commands. Those scripts commonly require RPC endpoints (e.g., an ETH node URL), and some workflows may need private keys or signer configuration. The absence of any declared env requirements is a mismatch that could result in users supplying credentials ad hoc (or the scripts prompting for them). Verify scripts for uses of process.env, hardcoded endpoints, or requests to external HTTP endpoints before running.
Persistence & Privilege: okNo special persistence requested: always:false, user-invocable:true, and model invocation is allowed (the platform default). The skill does not claim to modify other skills or system-wide settings. Nothing here indicates elevated or permanent privileges.