Skill v2.0.1
ClawScan security
Agent Casino · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 27, 2026, 5:23 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and docs match an on-chain Rock-Paper-Scissors dapp, but it relies on an external API with no homepage or provenance to produce the unsigned transactions the player signs, and it gives no instructions for validating those transactions. If the API or the agent's signing flow is compromised, crafted unsigned transactions could drain funds.
- Guidance: This skill appears to implement on-chain Rock-Paper-Scissors and is coherent with that purpose, but it relies on an external API (casino.lemomo.xyz) to produce unsigned transactions you must sign. Before using:
  1. Verify the API domain and the provided contract addresses on Base mainnet (check the explorer and the contract bytecode/admin status).
  2. Never paste your private key into an unknown service; use a local or hardware signer and inspect every transaction before signing (check `to`, `value`, and the calldata in `input`).
  3. Prefer signing tools that show human-readable method names and parameters.
  4. Test with a very small amount first.
  5. If you cannot independently verify the contract addresses and that the API only creates the expected RPS transactions, treat this as high risk.
  If you want lower risk, use an audited, well-documented casino dapp with public provenance, or only interact via a wallet UI that explicitly shows the exact on-chain call.
Review Dimensions
- Purpose & Capability
- ok: Name/description, SKILL.md, and the CLI all describe an on-chain RPS game on Base mainnet using USDC. The included CLI and API endpoints align with that purpose (deposit/create/join/reveal/withdraw). No unrelated binaries or env vars are requested.
- Instruction Scope
- concern: The SKILL.md instructs the agent to request unsigned transaction payloads from an external API (casino.lemomo.xyz) and to sign and broadcast them with the player's wallet. The instructions neither require nor demonstrate any validation of the returned transactions (destination address, expected contract addresses, method selectors, value). Because the API is trusted to build the transactions, a malicious or compromised API could return unsigned transactions that, once signed and broadcast, transfer funds elsewhere. The SKILL.md warns that real money is at stake but gives no explicit verification steps.
- Install Mechanism
- ok: There is no install script or remote download; only a small local CLI script and package.json are included. No archives or external installers are pulled during install.
- Credentials
- note: The skill does not request credentials or secret env vars (only an optional CASINO_URL). However, correct operation requires a wallet/signing key controlled by the user; the skill assumes the agent will sign transactions. This is expected for on-chain tooling but raises the stakes if an agent or skill encourages or mishandles private keys. The skill does not itself ask for keys, which is appropriate, but it also does not guide safe signing (e.g., local/hardware signing, verifying transaction contents).
- Persistence & Privilege
- ok: Skill is not always-on, is user-invocable, and does not request elevated system presence or modify other skills. No persistence or privileged flags are set.
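The Guidance steps and the Instruction Scope concern both come down to one missing control: a policy check on each unsigned transaction before it reaches the signer. The following Node.js block is an added example written for this review, not code from the Agent Casino skill or from ClawHub. It assumes an ERC-20 USDC stake flow, so it allows only a bounded `approve()` of USDC to the game contract and calls into the game contract's own functions, and rejects everything else (native ETH value, transfers, unknown destinations, wrong chain). The contract addresses, the game-function selectors and the 10 USDC cap are placeholders to be replaced only after the real addresses and ABI have been verified on a Base mainnet explorer; the ERC-20 selectors and chain id 8453 are fixed values. The sample payloads at the bottom are constructed, not captured from the real API.

```javascript
// Added example, not code from the Agent Casino skill or ClawHub: a policy check
// that runs on an unsigned transaction returned by the casino API before the
// payload reaches a signer. Addresses, game selectors and the approve cap are
// placeholders (assumptions) to be filled in after verifying the real contracts
// on a Base mainnet explorer. ERC-20 selectors and chain id 8453 are fixed values.

const BASE_MAINNET_CHAIN_ID = 8453;
const SEL_APPROVE = "095ea7b3";  // approve(address,uint256)
const SEL_TRANSFER = "a9059cbb"; // transfer(address,uint256): a game flow never needs this

const POLICY = {
  usdc: "0x0000000000000000000000000000000000000001", // placeholder for the verified USDC contract
  game: "0x0000000000000000000000000000000000000002", // placeholder for the verified RPS contract
  // Placeholder selectors for deposit/create/join/reveal/withdraw. Compute
  // keccak256(signature)[0:4] from the verified ABI before relying on this set.
  gameSelectors: new Set(["11111111", "22222222", "33333333", "44444444", "55555555"]),
  maxApprove: 10n * 10n ** 6n, // 10 USDC (6 decimals): sized for a small first test
};

// Lower-cases and strips "0x"; returns null for anything that is not hex.
function hexBody(s) {
  const h = String(s ?? "").toLowerCase().replace(/^0x/, "");
  return /^[0-9a-f]*$/.test(h) ? h : null;
}

// Accepts "0x..", a decimal string, a number or a bigint; missing value means 0.
function toBigInt(v) {
  if (v === undefined || v === null || v === "") return 0n;
  return typeof v === "bigint" ? v : BigInt(v);
}

// Decodes approve(address,uint256) calldata into { spender, amount }, or null if malformed.
function decodeApprove(data) {
  if (data.length !== 8 + 2 * 64) return null;          // selector + exactly two 32-byte words
  const w1 = data.slice(8, 72), w2 = data.slice(72, 136);
  if (!/^0{24}/.test(w1)) return null;                   // address word must be zero-padded
  return { spender: "0x" + w1.slice(24), amount: BigInt("0x" + w2) };
}

// Returns { ok: true, action } for a payload the policy allows, else { ok: false, reason }.
function checkUnsignedTx(tx, policy = POLICY) {
  if (Number(tx.chainId) !== BASE_MAINNET_CHAIN_ID) return { ok: false, reason: "not Base mainnet" };
  const to = String(tx.to ?? "").toLowerCase();
  const data = hexBody(tx.data ?? tx.input);
  if (data === null) return { ok: false, reason: "calldata is not hex" };
  // The game is USDC-denominated, so native ETH must never leave the wallet (assumption).
  if (toBigInt(tx.value) !== 0n) return { ok: false, reason: "non-zero native value" };
  const selector = data.slice(0, 8);

  if (to === policy.usdc.toLowerCase()) {
    if (selector === SEL_TRANSFER) return { ok: false, reason: "USDC transfer out of the wallet" };
    if (selector !== SEL_APPROVE) return { ok: false, reason: `unexpected USDC call 0x${selector}` };
    const args = decodeApprove(data);
    if (!args) return { ok: false, reason: "malformed approve calldata" };
    if (args.spender !== policy.game.toLowerCase())
      return { ok: false, reason: `approve spender ${args.spender} is not the game contract` };
    if (args.amount > policy.maxApprove)
      return { ok: false, reason: `approve amount ${args.amount} exceeds cap ${policy.maxApprove}` };
    return { ok: true, action: `approve ${args.amount} USDC base units to the game contract` };
  }
  if (to === policy.game.toLowerCase()) {
    if (!policy.gameSelectors.has(selector)) return { ok: false, reason: `unknown game function 0x${selector}` };
    return { ok: true, action: `game call 0x${selector}` };
  }
  return { ok: false, reason: `destination ${to || "(empty)"} is not an allow-listed contract` };
}

// Builds approve() calldata; used only to construct the sample payloads below.
function encodeApprove(spender, amount) {
  const s = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  return "0x" + SEL_APPROVE + s + amount.toString(16).padStart(64, "0");
}

// Constructed sample payloads (not captured from the real API): a legitimate
// 5 USDC approval, an unlimited approval to an attacker, and a call that
// would send 1 ETH of native value to the game contract.
const SAMPLES = {
  legit:  { chainId: "0x2105", to: POLICY.usdc, value: "0x0", data: encodeApprove(POLICY.game, 5000000n) },
  drain:  { chainId: "0x2105", to: POLICY.usdc, value: "0x0",
            data: encodeApprove("0x000000000000000000000000000000000000dEaD", 2n ** 256n - 1n) },
  ethOut: { chainId: "0x2105", to: POLICY.game, value: "0xde0b6b3a7640000", data: "0x11111111" },
};

for (const [name, tx] of Object.entries(SAMPLES)) console.log(name, checkUnsignedTx(tx));
```

The check is deliberately an allow-list: anything the policy does not recognise is refused, including an empty `to` (contract creation) and any call on the USDC contract other than a capped `approve()` to the verified game address. Wire it in front of whatever signs for the agent; a hardware or local signer that shows decoded method names is still the last line of defence, and this check does not replace verifying the addresses and bytecode on the explorer first.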
