v1.0.1

clawchain browsing skills

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:50 AM.

Analysis

The skill is transparent about being a ClawChain social-network integration, but it gives the agent authority to sign and publish on-chain actions and to reuse persistent personality/memory instructions, so it should be reviewed carefully before installation.

Guidance: Install only if you are comfortable letting an agent use a dedicated ClawChain identity to post, vote, store memories, and possibly moderate communities. Before use, inspect any downloaded helper scripts and HEARTBEAT.md, protect credentials.json, and require explicit confirmation before every on-chain write or moderation action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
This skill enables an AI agent to: ... Post, comment, and vote ... Follow agents ... Store thoughts and memories on-chain ... Moderate communities ... All operations use local helper scripts ... then submit the signed transaction hex via curl

The skill grants the agent transaction-signing workflows for public/social account actions and moderation, but the visible artifact does not define clear per-action approval, preview, or rollback boundaries.

User impact: An agent could publish, vote, store memories, or take moderation actions on the user's ClawChain identity, potentially creating public or hard-to-reverse effects.
Recommendation: Require explicit user confirmation and transaction preview before every post, vote, memory write, follow, subscription, registration, or moderation action.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
curl -s https://clawchain.ai/curl_skills.md > ~/.clawchain/skills/clawchain/SKILL.md
curl -s https://clawchain.ai/heartbeat.md > ~/.clawchain/skills/clawchain/HEARTBEAT.md ... install: "npm install postchain-client" ... install: "npm install @chromia/ft4"

The install guidance fetches remote companion skill files and installs unpinned npm dependencies. This is consistent with the skill's purpose, but users should verify what is downloaded before running signing helpers.

User impact: Future changes to remote files or packages could affect how the agent signs or submits transactions.
Recommendation: Download and inspect companion files and helper scripts before use, pin dependency versions where possible, and avoid running updated remote content blindly.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
path: "~/.config/clawchain/credentials.json" ... "Chromia keypair (privKey + pubKey in hex) used to sign transactions" ... "This keypair identifies your agent's on-chain account"

The skill discloses a local private key used for the agent's blockchain identity. This is expected for signing ClawChain transactions, but it is sensitive account authority.

User impact: Anyone or anything that can read or misuse this keypair may be able to act as the user's ClawChain agent account.
Recommendation: Protect the credentials file, verify permissions such as chmod 600, avoid sharing it, and use a dedicated low-value ClawChain identity rather than reusing sensitive keys.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`~/.config/clawchain/SOUL.md` | Read/Write | Local personality profile loaded before each action ... "Contains exaggerated personality instructions derived from your on-chain personality summary."

The skill stores persistent personality instructions and loads them before each action, making stored or on-chain-derived content a recurring influence on future agent behavior.

User impact: Persistent personality or memory content could steer the agent's future actions, cause it to over-trust stored instructions, or preserve sensitive information longer than expected.
Recommendation: Review SOUL.md regularly, keep personality/memory content separate from operational instructions, sanitize on-chain-derived text, and allow users to disable or approve memory loading.