Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CLAWLOGIC Trader

v0.1.0

Use this skill to operate CLAWLOGIC prediction markets via `clawlogic-agent`: initialize wallet, register agent (ENS optional), create creator-seeded CPMM markets, analyze, trade YES/NO, assert and settle outcomes, claim fees, and post market broadcasts.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The code implements on-chain market operations (create, buy, assert, settle, post broadcasts), which matches the skill description. However, neither the skill metadata nor SKILL.md declares the primary secret the code actually requires: AGENT_PRIVATE_KEY. Several script headers claim the private key is optional for read-only operations (e.g. analyze-market), yet the TypeScript helpers call createClient(), which exits if AGENT_PRIVATE_KEY is not set. That mismatch between the claimed capability (read-only analysis) and the actual requirement (a private key) is incoherent and could surprise users.
Instruction Scope (flagged)
SKILL.md instructs users to run npx commands and says that init auto-generates a local wallet file (~/.config/clawlogic/agent.json), but the runtime helper functions rely on the AGENT_PRIVATE_KEY env var rather than reading that file. Several scripts' inline comments claim environment variables are optional while the code requires them (createClient() exits if AGENT_PRIVATE_KEY is missing). The post-broadcast helper sends agent identity, address, reasoning, and optional session/tx data to an external web endpoint (default https://clawlogic.vercel.app/api/agent-broadcasts). That transmission falls within the advertised 'post market broadcasts' feature, but it is neither prominently documented in the top-level metadata nor declared as a network/exfiltration target.
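The read-only mismatch and the wallet-file/env-var gap are two symptoms of one missing step: credentials are resolved unconditionally instead of per operation. The following is an added example (written for this review, not code from the CLAWLOGIC skill or from @clawlogic/sdk) of how a skill can resolve them per command in TypeScript, so that read-only commands never touch a secret and signing commands fail with a clear error instead of a bare exit. It assumes a wallet file shaped as {"privateKey": "0x..."} (hypothetical; the real agent.json layout is not documented on this page), and every command name other than analyze-market and post-broadcast is illustrative.

```typescript
// Added example, not code from the CLAWLOGIC skill or @clawlogic/sdk.
// Resolve credentials per operation: read-only commands never touch a secret,
// signing commands fail with a clear error instead of a bare process.exit().
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

export type Mode = "read-only" | "signing";

export interface AgentConfig {
  mode: Mode;
  rpcUrl: string;
  privateKey?: string; // only present in signing mode
}

// Assumed (hypothetical) layout of the wallet file that `init` creates:
// { "privateKey": "0x<64 hex chars>" }. Adjust if the real file differs.
export const DEFAULT_WALLET_FILE = path.join(os.homedir(), ".config", "clawlogic", "agent.json");
const HEX_KEY = /^0x[0-9a-fA-F]{64}$/;

/** Return the private key from the wallet file, or undefined if the file is absent. */
export function readWalletFile(file: string = DEFAULT_WALLET_FILE): string | undefined {
  if (!fs.existsSync(file)) return undefined;
  const parsed = JSON.parse(fs.readFileSync(file, "utf8")) as { privateKey?: unknown };
  return typeof parsed.privateKey === "string" ? parsed.privateKey : undefined;
}

/**
 * Build the config for one operation. `env` and `walletFile` are injectable so
 * the function can be exercised without touching the real environment.
 */
export function resolveAgentConfig(
  mode: Mode,
  env: Record<string, string | undefined> = process.env,
  walletFile: string = DEFAULT_WALLET_FILE,
): AgentConfig {
  const rpcUrl = env.ARBITRUM_SEPOLIA_RPC_URL;
  if (!rpcUrl) throw new Error("ARBITRUM_SEPOLIA_RPC_URL is required");
  if (mode === "read-only") return { mode, rpcUrl }; // no secret is read at all

  // The env var wins; fall back to the wallet file so the output of `init` is usable.
  const key = env.AGENT_PRIVATE_KEY || readWalletFile(walletFile);
  if (!key) {
    throw new Error(
      `signing operation requested but AGENT_PRIVATE_KEY is unset and ${walletFile} is missing`,
    );
  }
  if (!HEX_KEY.test(key)) throw new Error("AGENT_PRIVATE_KEY must be 0x followed by 64 hex chars");
  return { mode, rpcUrl, privateKey: key };
}

// Least privilege per command. analyze-market and post-broadcast are named in the
// scan report; the other command names are illustrative assumptions.
export const COMMAND_MODE: Record<string, Mode> = {
  "analyze-market": "read-only",
  "create-market": "signing",
  "buy": "signing",
  "assert-outcome": "signing",
  "settle": "signing",
  "claim-fees": "signing",
  "post-broadcast": "signing",
};

export function configForCommand(
  command: string,
  env?: Record<string, string | undefined>,
  walletFile?: string,
): AgentConfig {
  const mode = COMMAND_MODE[command];
  if (!mode) throw new Error(`unknown command: ${command}`); // refuse rather than default to signing
  return resolveAgentConfig(mode, env, walletFile);
}
```

The point of the explicit command-to-mode table is that an unknown command is refused rather than silently granted signing rights, and that a read-only run can be verified to work with AGENT_PRIVATE_KEY unset, which is the check the scan report found missing.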
Install Mechanism
No install spec; this is an instruction-and-script skill that runs via node/npx/tsx. It relies on @clawlogic/sdk via npx, which is expected for an npm-based CLI skill. There are no downloads from arbitrary URLs or extracted archives in the manifest. This is lower risk from an install mechanism perspective.
Credentials (flagged)
The repository and runtime reference many environment variables (AGENT_PRIVATE_KEY, ARBITRUM_SEPOLIA_RPC_URL, AGENT_BROADCAST_URL/AGENT_BROADCAST_API_KEY, AGENT_NAME/ENS, UMA_OOV3, etc.), but the skill metadata declares no required env vars and no primary credential. AGENT_PRIVATE_KEY is effectively mandatory for most operations yet is not declared. The post-broadcast flow requires AGENT_PRIVATE_KEY and POSTs agent-derived identity and reasoning to an external endpoint (optionally with an AGENT_BROADCAST_API_KEY header). That combination (an undeclared required secret plus network transmission of agent identity and data) is disproportionate to what the SKILL metadata discloses and should be made explicit to users.
Persistence & Privilege
The skill does not set always:true and does not request any unusual platform persistence. Autonomous invocation (disable-model-invocation: false) is the platform default and not by itself suspicious. That said, autonomous invocation combined with access to an undeclared private key would increase blast radius — a point for the user to consider before enabling autonomous runs.
What to consider before installing

- Secrets: the package expects AGENT_PRIVATE_KEY at runtime (used to sign transactions and derive your agent address), but the skill metadata and top-level instructions do not declare that required env var. Do not supply your main or high-value private key until you understand where it is used. Prefer an ephemeral test key or a hardware-wallet pattern where possible.
- Read-only mismatch: SKILL.md and some script comments say analyze can run read-only, but the helper code calls createClient(), which exits if AGENT_PRIVATE_KEY is not set. If you only need read-only analysis, inspect or modify the code to use createReadOnlyClient(), or set up a safe read-only configuration first.
- Broadcasting: the post-broadcast helpers send agent identity, reasoning, and optional session/tx metadata to https://clawlogic.vercel.app/api/agent-broadcasts by default (override with AGENT_BROADCAST_URL). Verify and trust that endpoint before posting any sensitive reasoning or identifiers. If AGENT_BROADCAST_API_KEY is set, the code also sends it in an x-agent-key header.
- Wallet file vs env var: SKILL.md says init creates ~/.config/clawlogic/agent.json, but the runtime code does not read that file; it expects AGENT_PRIVATE_KEY in the environment. Confirm how the SDK's init flow surfaces the private key (and whether you must export it into AGENT_PRIVATE_KEY) before running transaction scripts.
- Audit and provenance: the repo homepage points to a vercel.app URL, the registry owner is an opaque ID, and the Source field is 'unknown'. If you plan to transact on any live network, review the upstream GitHub repository, verify package authorship, and audit the @clawlogic/sdk that npx pulls in.
- Safe testing: test on a throwaway Arbitrum Sepolia account with small funds first. Run the scripts in a contained environment and inspect network calls (to the RPC endpoint and the broadcast endpoint) before using real funds.
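Several of these checks reduce to one question: which environment variables, network endpoints and hard exits does the code actually contain, compared with what the metadata declares? Below is an added example (written for this review, not code from the skill or from ClawHub) of a small static audit in TypeScript that answers that question for a skill directory before anything is executed. The embedded SAMPLE_SCRIPT is constructed to resemble the patterns the scan report describes and is not the skill's code; the file-extension filter and the directory names it skips are my own choices.

```typescript
// Added example, not code from the CLAWLOGIC skill or from ClawHub.
// Static audit: list every env var, absolute URL and process.exit() call a skill's
// scripts reference, then diff the env vars against what the metadata declares.
import * as fs from "node:fs";
import * as path from "node:path";

export interface AuditResult {
  envVars: string[];  // names read via process.env.NAME or process.env["NAME"]
  urls: string[];     // absolute http(s) URLs, i.e. candidate network targets
  hardExits: number;  // occurrences of process.exit(
}

const ENV_DOT = /process\.env\.([A-Z0-9_]+)/g;
const ENV_BRACKET = /process\.env\[\s*['"]([A-Z0-9_]+)['"]\s*\]/g;
const URL_RE = /https?:\/\/[^\s'"`)<>]+/g;
const EXIT_RE = /process\.exit\s*\(/g;

/** Collect capture group `group` (0 = whole match) for every match of a global regex. */
function collect(re: RegExp, text: string, group: number): string[] {
  const out: string[] = [];
  re.lastIndex = 0; // the regexes are shared module constants, so reset before each scan
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) out.push(m[group]);
  return out;
}

function uniqueSorted(items: string[]): string[] {
  return Array.from(new Set(items)).sort();
}

export function auditSource(text: string): AuditResult {
  return {
    envVars: uniqueSorted([...collect(ENV_DOT, text, 1), ...collect(ENV_BRACKET, text, 1)]),
    urls: uniqueSorted(collect(URL_RE, text, 0)),
    hardExits: collect(EXIT_RE, text, 0).length,
  };
}

export function merge(a: AuditResult, b: AuditResult): AuditResult {
  return {
    envVars: uniqueSorted([...a.envVars, ...b.envVars]),
    urls: uniqueSorted([...a.urls, ...b.urls]),
    hardExits: a.hardExits + b.hardExits,
  };
}

const SOURCE_EXT = /\.(m?js|cjs|ts|md)$/; // scripts plus SKILL.md-style docs

/** Walk a skill directory (skipping node_modules and .git) and audit every script and doc. */
export function auditDirectory(dir: string): AuditResult {
  let result: AuditResult = { envVars: [], urls: [], hardExits: 0 };
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      if (entry.name === "node_modules" || entry.name === ".git") continue;
      result = merge(result, auditDirectory(full));
    } else if (SOURCE_EXT.test(entry.name)) {
      result = merge(result, auditSource(fs.readFileSync(full, "utf8")));
    }
  }
  return result;
}

/** Env vars the code reads that the skill metadata does not declare. */
export function undeclaredEnvVars(found: AuditResult, declared: string[]): string[] {
  const known = new Set(declared);
  return found.envVars.filter((name) => !known.has(name));
}

// Constructed sample in the shape the scan report describes (not the skill's code):
// a hard exit when the key is missing, a default broadcast URL, an optional API-key header.
export const SAMPLE_SCRIPT = [
  'const key = process.env.AGENT_PRIVATE_KEY;',
  'if (!key) { console.error("AGENT_PRIVATE_KEY is required"); process.exit(1); }',
  'const url = process.env["AGENT_BROADCAST_URL"] || "https://clawlogic.vercel.app/api/agent-broadcasts";',
  'const headers = { "x-agent-key": process.env.AGENT_BROADCAST_API_KEY || "" };',
].join("\n");
```

Run auditDirectory() against the unpacked skill (and, separately, against the @clawlogic/sdk package that npx fetches) and compare undeclaredEnvVars() with the metadata: on this skill the expected finding is that AGENT_PRIVATE_KEY and the broadcast variables appear in the code but not in the declared env vars, and that the broadcast URL shows up as a network target the metadata never mentions. A non-zero hardExits count is where to look for a createClient()-style helper that aborts instead of degrading to read-only.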


latest: vk97eax7c154thtr80td1ttq0sd810k2c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: node, npx, npm
