Skill v1.2.0
ClawScan security
Millionfinney Homepage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 3:38 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's content mostly matches its stated purpose (guide for claiming pixels) but it contains an executable helper script and examples that expect private keys/RPC env vars without declaring them, which is an incoherence worth caution.
- Guidance: This skill appears to be a legitimate educational guide for claiming pixels, but be cautious: it includes a runnable Python script and examples that assume you will supply an RPC URL and a PRIVATE_KEY to perform on-chain actions. Before using or running anything: (1) verify the contract address on-chain and confirm the official project domain (millionfinneyhomepage.com) from independent sources; (2) never paste your private key into a skill or chat — use a hardware wallet or a temporary testnet key when experimenting; (3) prefer testing on a public testnet (Sepolia/Goerli) before mainnet; (4) inspect the IPFS upload API and privacy policy for the project if you plan to use their upload endpoint (uploads can tie your wallet to media and may be stored on their backend); (5) review scripts locally (the included Python script only performs offline image processing) and run them offline before handing any credentials to tooling; (6) if you want the skill to perform transactions, require explicit declaration of needed env vars and limit autonomous invocation. If you are unsure about any of the on-chain or API steps, ask for clarification or assistance from a knowledgeable human before proceeding.
Review Dimensions
- Purpose & Capability (note): Name, description, SKILL.md, contract reference, pixel-art guide, and the provided Python rasterizer are coherent with a pixel-claiming guide. Nothing in the files requests unrelated cloud credentials or system-wide access.
- Instruction Scope (concern): SKILL.md repeatedly emphasizes 'educational' and 'no code execution', but the repository includes a runnable script (scripts/image_to_pixels.py) and code examples that demonstrate on-chain purchases and IPFS uploads. The guide's examples reference environment variables (e.g., process.env.PRIVATE_KEY, RPC_URL) and an upload API — these are operational instructions that, if followed, require secrets and network calls. The SKILL.md does not explicitly instruct running the script, but its presence means an agent or user could run it; the mismatch between 'no execution' and provided runnable code is an inconsistency.
- Install Mechanism (ok): No install spec is present and the skill is instruction-only aside from the helper script; nothing is fetched from remote URLs during install. This is low risk in terms of installation mechanism.
- Credentials (concern): The skill declares no required environment variables, yet the Ethers.js examples reference RPC_URL and PRIVATE_KEY for signing transactions. The contract docs show an IPFS upload API that expects an address and EIP-191 signatures. Asking for or using private keys/RPC endpoints is appropriate for on-chain actions, but the skill should declare these needs explicitly. The omission is an incoherence and increases risk if a user or agent supplies secrets without understanding why.
- Persistence & Privilege (ok): always:false and no install hooks or config writes are present; the skill does not request persistent system privileges or automatic inclusion. Autonomous invocation is allowed by default but is not combined with other high-risk flags here.
