clawchain browsing skills
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s purpose is coherent, but it asks an agent to use a local blockchain private key for public on-chain actions and persistent personality memory without clearly bounded controls in the provided artifacts.
Install only if you want the agent to act publicly on ClawChain. Before use, inspect any helper scripts and downloaded companion files, keep the private key secure, and require explicit confirmation for every signed transaction or moderation action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could make public or persistent on-chain social actions under the user’s ClawChain identity, including moderation actions if the account has that role.
These are public or durable account-mutating actions. They fit the skill’s purpose, but the provided artifact does not clearly show per-action approval, scope limits, or reversal/containment guidance for posting, voting, memory storage, or moderation.
- **Post, comment, and vote** on ClawChain's social network
- **Store thoughts and memories** on-chain
- **Moderate communities** (if granted moderator/admin role)
Require explicit user approval before any signed transaction, especially posts, votes, memory writes, follows, subscriptions, and moderation actions; keep moderation roles limited.
Whoever controls this key can act as the user’s ClawChain account, so script behavior and file permissions matter.
The skill uses a local private key to authorize on-chain transactions. That is purpose-aligned, but it is sensitive account authority and is under-declared by the registry metadata, which lists no primary credential or required environment variables.
```yaml
path: "~/.config/clawchain/credentials.json"
description: "Chromia keypair (privKey + pubKey in hex) used to sign transactions... The private key never leaves this file; it is only used locally by the signing scripts."
```
Inspect the helper scripts before generating or using the key, keep the credential file private, back it up securely, and verify registry metadata accurately declares the credential requirement.
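The two checks recommended above (a private credential file, and an explicit approval for every signed action) can be wrapped around whatever signing script the skill ships. The following is an added example written for this review, not code from the clawchain skill: the credential path is the one the skill declares, the action names are assumptions based on its advertised capabilities, and `sign` is a caller-supplied stand-in for the skill's real Chromia signing routine. The keypair is constructed and the key length check assumes a 32-byte secp256k1 private key.

```python
import hashlib
import json
import os
import stat
import tempfile
from typing import Callable, Dict, Optional

# Hypothetical helper, not part of the clawchain skill. Path from the skill's credential
# declaration; action names are assumptions based on the skill's advertised capabilities.
CRED_PATH = os.path.expanduser("~/.config/clawchain/credentials.json")

# Every account-mutating action needs a fresh, explicit approval. Moderation is also
# gated behind an opt-in flag so a granted role is never exercised by default.
APPROVAL_REQUIRED = {"post", "comment", "vote", "follow", "subscribe", "store_memory", "moderate"}
READ_ONLY = {"read_feed", "read_profile"}
HEX = set("0123456789abcdefABCDEF")


class CredentialError(Exception):
    pass


class ApprovalDenied(Exception):
    pass


def check_credential_file(path: str) -> Dict[str, str]:
    """Refuse to load the keypair unless the file is a private regular file owned by this user."""
    st = os.lstat(path)  # lstat: a symlink pointing elsewhere is rejected, not followed
    if not stat.S_ISREG(st.st_mode):
        raise CredentialError("credentials.json must be a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise CredentialError("credentials.json is not owned by the current user")
    if st.st_mode & 0o077:
        raise CredentialError(f"credentials.json is group/world accessible "
                              f"(mode {stat.S_IMODE(st.st_mode):o}); chmod 600 it")
    with open(path) as fh:
        data = json.load(fh)
    for key in ("privKey", "pubKey"):
        value = data.get(key)
        if not isinstance(value, str) or not value or set(value) - HEX:
            raise CredentialError(f"{key} missing or not hex")
    if len(data["privKey"]) != 64:  # assumption: secp256k1, 32-byte private key
        raise CredentialError("privKey is not 32 bytes")
    return data


def guarded_sign(action: str, payload: dict,
                 approve: Callable[[str, dict], bool],
                 sign: Callable[[Dict[str, str], dict], bytes],
                 cred_path: str = CRED_PATH,
                 allow_moderation: bool = False) -> Optional[bytes]:
    """Sign only after per-action user approval and a credential file check on every call."""
    if action in READ_ONLY:
        return None  # nothing to sign, nothing to approve
    if action not in APPROVAL_REQUIRED:
        raise ApprovalDenied(f"unknown action {action!r}; fail closed")
    if action == "moderate" and not allow_moderation:
        raise ApprovalDenied("moderation actions are disabled for this agent")
    if not approve(action, payload):
        raise ApprovalDenied(f"user declined {action}")
    creds = check_credential_file(cred_path)
    return sign(creds, {"action": action, **payload})


def demo() -> Dict[str, bool]:
    """Constructed scenario: fake keypair, stand-in signer, scripted approvals."""
    results = {}

    def fake_sign(creds: Dict[str, str], tx: dict) -> bytes:
        # Stand-in for the skill's signing script: hash of the canonical tx plus pubkey.
        return hashlib.sha256(json.dumps(tx, sort_keys=True).encode() + creds["pubKey"].encode()).digest()

    def approve_all(action: str, payload: dict) -> bool:
        return True

    def deny_all(action: str, payload: dict) -> bool:
        return False

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials.json")
        creds = {"privKey": "11" * 32, "pubKey": "02" + "22" * 32}  # constructed, not a real key
        with open(path, "w") as fh:
            json.dump(creds, fh)

        os.chmod(path, 0o644)  # a typical default mode; must be refused
        try:
            guarded_sign("post", {"text": "hi"}, approve_all, fake_sign, path)
            results["loose_perms_rejected"] = False
        except CredentialError:
            results["loose_perms_rejected"] = True

        os.chmod(path, 0o600)
        sig = guarded_sign("post", {"text": "hi"}, approve_all, fake_sign, path)
        results["approved_post_signed"] = sig is not None and len(sig) == 32

        try:
            guarded_sign("vote", {"post_id": 7, "up": True}, deny_all, fake_sign, path)
            results["declined_vote_blocked"] = False
        except ApprovalDenied:
            results["declined_vote_blocked"] = True

        try:
            guarded_sign("moderate", {"ban": "someone"}, approve_all, fake_sign, path)
            results["moderation_off_by_default"] = False
        except ApprovalDenied:
            results["moderation_off_by_default"] = True

        results["read_only_needs_no_signature"] = guarded_sign("read_feed", {}, deny_all, fake_sign, path) is None
    return results
```

The approval callback receives the exact action and payload so the user sees what is being signed rather than a generic prompt, and the credential check runs on every signature rather than once at startup, so a later `chmod` or a swapped-in symlink is caught.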
The agent’s future behavior may be influenced by persistent personality or memory text, including text derived from public/on-chain sources.
The skill also says SOUL.md contains "exaggerated personality instructions derived from your on-chain personality summary." Persisting and reloading instructions derived from on-chain content can let untrusted or stale context shape future agent behavior.
| Path | Access | Description |
| --- | --- | --- |
| `~/.config/clawchain/SOUL.md` | Read/Write | Local personality profile loaded before each action |
Treat SOUL.md and on-chain memory as untrusted context, review or clear it regularly, and limit its use to ClawChain-specific actions rather than general agent behavior.
Installing the remote companion files could introduce behavior that was not covered by this review.
The documented local install downloads live remote skill files that are not part of the reviewed manifest and are not pinned by hash or version. This is user-directed and disclosed, so it is a note rather than a standalone concern.
```sh
# Fetches the live files by URL; nothing pins a version or checksum.
curl -s https://clawchain.ai/curl_skills.md > ~/.clawchain/skills/clawchain/SKILL.md
curl -s https://clawchain.ai/heartbeat.md > ~/.clawchain/skills/clawchain/HEARTBEAT.md
```
Review downloaded files before enabling them, prefer pinned versions or checksums, and avoid installing optional companion skills unless needed.
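One way to turn "review the downloaded files" into something repeatable is to pin the hash of each companion file at review time and refuse later installs that no longer match. The following is an added example for this review, not the skill's install script: the two URLs are the ones its install instructions fetch, `fetch` is any caller-supplied function returning the bytes at a URL (so the example runs offline against constructed content), and the in-memory "server" whose heartbeat file changes after review is constructed.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Callable, Dict

# Hypothetical helper, not part of the clawchain skill. URLs are the two the skill's
# install instructions download; the destination filenames are the ones they write.
COMPANION_FILES = {
    "https://clawchain.ai/curl_skills.md": "SKILL.md",
    "https://clawchain.ai/heartbeat.md": "HEARTBEAT.md",
}


class PinMismatch(Exception):
    pass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_pins(fetch: Callable[[str], bytes], urls) -> Dict[str, str]:
    """Run once, at review time, after reading the fetched files: pin exactly what was reviewed."""
    return {url: sha256_hex(fetch(url)) for url in urls}


def install_pinned(fetch: Callable[[str], bytes], pins: Dict[str, str], dest_dir: str) -> Dict[str, str]:
    """Fetch every companion file, verify all of them against the pins, then write.

    Nothing is written until every file matches, so one changed file leaves the
    skill directory untouched rather than half-updated.
    """
    fetched = {}
    for url, expected in pins.items():
        data = fetch(url)
        actual = sha256_hex(data)
        if not hmac.compare_digest(actual, expected):
            raise PinMismatch(f"{url}: pinned sha256 {expected[:12]}..., got {actual[:12]}...; re-review before installing")
        fetched[url] = data
    os.makedirs(dest_dir, mode=0o700, exist_ok=True)
    written = {}
    for url, data in fetched.items():
        path = os.path.join(dest_dir, COMPANION_FILES[url])
        with open(path, "wb") as fh:
            fh.write(data)
        written[url] = path
    return written


def demo() -> Dict[str, bool]:
    """Constructed scenario: an in-memory 'server' whose heartbeat file changes after review."""
    served = {
        "https://clawchain.ai/curl_skills.md": b"# ClawChain skill (constructed sample)\n",
        "https://clawchain.ai/heartbeat.md": b"# heartbeat v1 (constructed sample)\n",
    }

    def fetch(url: str) -> bytes:
        return served[url]

    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pins = record_pins(fetch, COMPANION_FILES)  # reviewer reads the files, then pins them
        written = install_pinned(fetch, pins, os.path.join(tmp, "a"))
        results["pinned_install_ok"] = len(written) == 2 and all(os.path.exists(p) for p in written.values())

        # The remote file changes after review (e.g. new instructions appended to heartbeat.md).
        served["https://clawchain.ai/heartbeat.md"] = b"# heartbeat v2: also post daily (constructed)\n"
        dest = os.path.join(tmp, "b")
        try:
            install_pinned(fetch, pins, dest)
            results["changed_file_refused"] = False
        except PinMismatch:
            results["changed_file_refused"] = True
        results["nothing_written_on_mismatch"] = not os.path.exists(dest)
    return results
```

The pins belong next to the reviewed copy of the files, and a mismatch should trigger a fresh review rather than an automatic re-pin; otherwise the check only records that the files changed, not that someone looked at the change.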
