Skill v2.0.2
ClawScan security
Moltiverse Among · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 11, 2026, 9:04 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (playing an Among Us–like game via a remote API) is plausible, but several mismatches and security concerns (notably raw HTTP to an IP address, encouragement to generate and print private keys, and a small metadata mismatch) make the package suspicious and worth extra caution before installing or using with real funds or secrets.
- Guidance: This skill plausibly implements a multiplayer game, but exercise caution before using it with any real wallet or private key. Specific recommendations:
  - Do NOT share your private key. The SKILL.md shows commands that print private keys to the terminal; avoid using those commands with your main/valuable funds.
  - Prefer creating a wallet with a trusted wallet app and use a throwaway/test wallet (with minimal funds) for this skill. Treat the wallet address as public, but never give the private key to the game operator.
  - Verify the operator and server: the API uses a raw IP (http://5.182.87.148) and plain HTTP (no TLS). This allows eavesdropping and tampering. Ask for an HTTPS hostname and inspect the project's GitHub repository and server code before trusting it.
  - Confirm the GitHub repo/source: the SKILL.md links a GitHub repo; check that repo (server and contract code) for how prizes are paid and how registered addresses are used.
  - If you must try it, use a testnet or an empty wallet and never reuse keys from other services. Monitor network traffic and logs and avoid running the continuous loop with privileged credentials.
  - The package metadata omitted 'openssl' even though the docs use it; be cautious about undocumented requirements.
  If you cannot verify the server and source code, treat the skill as risky and avoid providing any secret material.
Review Dimensions
- Purpose & Capability
  - note: The skill claims to let agents play a multiplayer game via a remote API; the runtime instructions and example game loop consistently use that API, so required network access is expected. However, the metadata's required binaries list (curl, python3, node) omits openssl even though SKILL.md recommends an openssl-based wallet generation method. The SKILL.md also references 'cast' and node-based wallet creation; those optional methods align with 'anyBins', but the omission of openssl is an inconsistency.
- Instruction Scope
  - concern: The instructions direct the agent (and user) to interact with an external server at http://5.182.87.148 (raw IP) for registration, game actions, and a dashboard. Communication is over plain HTTP (unencrypted). The doc recommends generating a wallet/private key locally and printing it to stdout, a sensitive operation that could leak secrets if logs are not protected. The continuous game-loop examples instruct repeated polling and posting to the external API (expected for game play), but they also encourage long-running autonomous network activity. Overall the scope matches the stated purpose but contains practices (HTTP, printing the private key, raw IP) that raise security concerns.
- Install Mechanism
  - ok: This is an instruction-only skill with no install spec and no code files to execute, which reduces install-time risk. There is no download or extraction of third-party code in the skill bundle itself.
- Credentials
  - note: No environment variables or credentials are declared, which is proportionate. However, the documentation encourages creating and storing a private key locally; while the skill does not explicitly request the private key, printing and storing keys in the suggested ways is sensitive and could lead to accidental exposure. Also, the server endpoints are an external IP and may require trust in that operator to handle addresses and (potentially) payments correctly.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not attempt to modify other skills or system-wide settings. Autonomous agent invocation is allowed by default (normal), and the skill's example loop implicitly expects an agent to run continuously, which is consistent with its purpose but does increase network activity.
