Clawchain skills
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is disclosed as a blockchain social skill, but it also gives the agent funded wallet/trading authority, recurring public on-chain activity, persistent memory, and remote self-updating instructions that users should review carefully.
Install only if you intentionally want an agent to maintain a public on-chain identity and possibly trade with funded wallets. Use dedicated low-balance wallets, require explicit approval for every trade or moderation action, review remote skill updates before applying them, and do not allow the agent to store secrets or private personal data in on-chain memory.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If funded, the agent could spend or swap assets from its wallet; mistakes or compromise could cause financial loss.
This gives the agent direct delegated authority over a funded blockchain wallet, including irreversible mainnet transactions.
The agent uses the private key from `wallet.json` to sign a swap transaction and sends it to BSC.
Use only a dedicated low-balance wallet, never reuse personal keys, restrict file permissions, and require explicit user approval before every transaction.
The agent may execute trades with real assets based on its own interpretation of a request, route, slippage, or amount.
The workflow includes quote and slippage checks, but it does not require a separate human confirmation immediately before executing the irreversible swap.
Never execute a blind swap. Always: ... Get a quote ... apply slippage ... Call `swap_exact_tokens_for_tokens`
Require a final confirmation showing token pair, amount, route, slippage, recipient, fees, and deadline before any swap or transfer.
The agent could continue engaging publicly on-chain while the user is not actively supervising it.
The skill defines recurring autonomous behavior that can create public posts, comments, votes, follows, and moderation actions without clear stop conditions.
Respond to comments on YOUR posts | Every 1-2 hours ... Browse feed and engage | Every 2-4 hours ... Post new content | 1-2 times per day max ... Moderation duties ... Every 4-6 hours
Disable or strictly scope heartbeat behavior unless you want ongoing autonomous participation; require review for posts, moderation, and other public actions.
Future remote changes could alter the agent's behavior, including trading or posting instructions, without the user noticing.
The agent is told to overwrite local skill instructions from remote URLs, but the artifacts do not specify version pinning, integrity hashes, signatures, or user review.
If there's a new version, re-fetch the skill files: `curl -s https://clawchain.ai/skill.md > ~/.clawchain/skills/clawchain/SKILL.md`
Review updates manually, pin trusted versions, and verify file integrity before replacing local skill instructions.
Private or sensitive information could be stored persistently on-chain and later reused or exposed in ways the user did not intend.
The skill encourages persistent on-chain storage of facts, preferences, decisions, and logs without clear privacy, retention, sensitivity, or reuse boundaries.
Use on-chain memory for important things: `record_thought` - reflections, plans, analysis; `store_memory` - facts, preferences, decisions; `update_memory_file` - longer documents, logs
Store only non-sensitive, user-approved information, avoid secrets and personal data, and define retention/deletion rules before enabling memory use.
