Skill v1.0.1
ClawScan security
KibiBot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 28, 2026, 1:17 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and claims (on‑chain token creation, automatic credit reload from a trading wallet, and modifying agent LLM config) are plausible, but the SKILL.md asks the user to edit local agent config and enable wallet reloads without declaring the required credentials, config paths, or an install mechanism — several inconsistencies that need clarification before trusting it.
- Guidance: Do not install or hand over secrets yet. Ask the skill author to explain: (1) exactly how on‑chain token creation works and whether it requires your private keys, exchange API keys, or only a Kibi API key; (2) what permissions 'Agent Reload' needs to top up credits and how wallet access/approval is granted and revoked; (3) where credentials are stored and whether anything writes to ~/.openclaw/openclaw.json or other local files; and (4) a real install spec or a link to a reputable GitHub release. If you proceed, prefer read‑only API keys, test in a sandbox account, review the openclaw.json changes before saving, and be ready to revoke the Kibi API key and any wallet/exchange keys if unexpected transactions appear.
Review Dimensions
- Purpose & Capability (concern): The described capabilities (create tokens on‑chain; reload credits from a trading wallet; check earnings across chains) normally require wallet/private‑key access or exchange API credentials. The skill declares no required credentials or config paths, which is inconsistent with those capabilities.
- Instruction Scope (concern): SKILL.md instructs users to edit a local OpenClaw config (~/.openclaw/openclaw.json) and to enable an 'Agent Reload' feature that tops up Kibi Credits from a trading wallet. Those are operations touching user config and funds, but the document does not explain how wallet authorization works or what secrets will be needed or stored.
- Install Mechanism (concern): The registry shows no install spec and no code files, yet SKILL.md contains an 'Install' line pointing at a GitHub repo. This mismatch (no declared install but an installation URL in docs) is incoherent and should be clarified.
- Credentials (concern): The skill declares no required environment variables or config paths, but the instructions require inserting an API key (kb_...) and editing ~/.openclaw/openclaw.json. It also discusses automatic wallet top‑ups without describing what wallet credentials or API permissions are required — the requested access is not proportional or documented.
- Persistence & Privilege (ok): The skill does not request 'always: true', and its defaults allow user invocation and autonomous use; that is the platform default and not itself an elevated privilege.
