v1.0.2

Zhentan

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

Zhentan is transparent about being a crypto co-signer, but it gives a remote service and bearer secret high-impact authority to approve and execute on-chain transactions.

Guidance: Treat this as a high-trust financial co-signer. Install it only if you trust the Zhentan service, can protect and revoke AGENT_SECRET, understand when transactions may be auto-executed, and are comfortable with your Safe transaction behavior being profiled for risk scoring.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
Run each command immediately... curl -s -X POST https://api.zhentan.me/execute ... -d '{"txId":"tx-XXX","callerId":"telegram:<origin.from>"}'

The skill instructs the agent to call an execution endpoint that co-signs and executes a transaction identified by a txId. This is purpose-aligned for a co-signer, but it is a high-impact financial action, and the artifacts show no secondary confirmation step and no bound on the scope of what can be executed.

User impact: A mistaken, spoofed, or misunderstood approval command could lead to an on-chain transaction being executed.
Recommendation: Use only if you are comfortable giving this skill transaction-execution authority; require manual review of recipient, token, amount, and decoded calldata before approving any txId.
Cascading Failures
Severity: High | Confidence: High | Status: Concern
SKILL.md
APPROVE (risk < 40): auto-executes on-chain... Safe transactions are auto-signed and executed instantly.

The described pipeline can turn an automated risk classification into immediate on-chain execution. A bad classification or bad queued transaction could propagate into an irreversible financial action.

User impact: An error in risk scoring or transaction interpretation could result in funds or assets moving before a human reviews them.
Recommendation: Use conservative thresholds, disable auto-execution for valuable Safes, and require human approval for high-value or unusual transactions.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.

There is no local implementation to inspect and no public source or homepage in the supplied metadata. For a high-impact remote co-signer, this provenance gap is important even though no hidden local code is present.

User impact: You must rely on the remote Zhentan service’s behavior and operator trustworthiness.
Recommendation: Verify the provider independently, confirm the API domain and operator, and avoid granting access to high-value Safes until provenance and controls are clear.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Authorization: Bearer $AGENT_SECRET ... If origin.from is unavailable, omit callerId rather than sending a placeholder.

The bearer secret is required on every request and appears to be the primary privileged credential, while the per-user caller identity is allowed to be omitted. The artifact therefore does not clearly bound privileged actions to an authenticated Telegram user.

User impact: If the secret is exposed or misused, privileged API operations such as execution, rejection, or configuration changes may be possible without a clear caller boundary.
Recommendation: Protect and rotate AGENT_SECRET, verify that the server enforces Safe ownership and caller identity, and prefer least-privilege, revocable credentials.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
It learns how you transact — amounts, timing, tokens and recipients — and screens every pending transaction against your behavioral profile and external security scanners (GoPlus, Honeypot.is, De.fi).

The skill discloses persistent behavioral profiling and use of external security scanners. This is aligned with the security purpose, but transaction behavior and counterparties can be sensitive and influence future automated decisions.

User impact: Your transaction patterns may be stored or processed to make future signing decisions.
Recommendation: Review the service’s retention, sharing, and model/profile reset controls before using it with sensitive wallets.