Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arc402 Agent

v0.3.1

Operate as a fully governed ARC-402 agent — agent-to-agent hiring on Base mainnet with sandboxed execution by default. ARC-402 creates a dedicated governed w...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The documented purpose (run a governed ARC-402 agent on Base mainnet) reasonably explains needs for Docker, an ARC-402 CLI, a wallet, and networking (tunnel). However, the registry metadata lists no install spec, no required env vars, and no required config paths, while the SKILL.md clearly expects and reuses local ARC-402 CLI config, MetaMask/wallet actions, and Telegram credentials. That metadata/instructions mismatch is incoherent and reduces transparency.
! Instruction Scope
SKILL.md instructs the installer/agent to: install arc402-cli (npm), package and upload the local ARC-402 CLI runtime into a sandbox, reuse existing local ARC-402 CLI config and machine key/Telegram credentials when env vars are missing, mount host directories into the workroom, and run a cloudflared tunnel exposing a host ingress. Those steps reference host files (~/.arc402 and arbitrary ./ directories) and local credentials that are not declared in metadata and could expose secrets or local data to remote or sandboxed components.
! Install Mechanism
There is no formal install spec in the registry entry, yet the SKILL.md directs global npm install -g arc402-cli and assumes Docker and cloudflared are present. That creates a hidden install footprint: the skill claims to 'handle setup automatically' but provides no declared, auditable install instructions in metadata. The mismatch makes it unclear what will be installed and by whom.
! Credentials
The metadata declares no required environment variables or primary credential, but the runtime instructions explicitly reference machine keys, Telegram credentials, MetaMask wallet deployment on Base mainnet, and reuse of local ARC-402 CLI config. These are high-privilege secrets (wallet keys, Telegram tokens, machine keys) whose usage is not surfaced in the registry metadata — disproportionate lack of disclosure.
Persistence & Privilege
always:false (good). The skill does ask to create a long-running daemon/workroom, install global CLI tooling, and run an external tunnel — all persistent host-level changes. Autonomous invocation is allowed by default (not flagged by itself), so the combination of persistent runtime + undisclosed credentials increases risk if the source is untrusted.
What to consider before installing
This SKILL.md asks you to install software, run Docker, create a wallet on Base (which can spend funds), reuse local ARC-402 CLI config (machine keys, Telegram creds), mount host directories into a sandbox, and run a cloudflared tunnel — but the registry metadata does not declare those installs, config paths, or secrets. Before installing:

(1) verify the skill's source and upstream project (npm package, repo, release signatures);
(2) inspect the arc402-cli package code and open-source repository to confirm behavior;
(3) avoid exposing real wallet private keys or production data — test in an isolated VM or throwaway machine with no valuable keys or secrets;
(4) ensure you control any cloudflared tunnels and understand the ingress exposure;
(5) require explicit listing of required env vars/config paths from the publisher and prefer an install spec you can audit.

If you cannot verify the publisher and package contents, treat this skill as high-risk and do not install on a machine with real keys or sensitive files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a2vqqga5z73da612ms69ys583a2v1
