CHEESE Agent Marketplace
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is coherently a crypto marketplace, but it asks an agent to use a full wallet private key and an unbundled CLI to move real funds without clear spending or approval limits.
Only install this if you understand the crypto risks. Use a dedicated wallet with limited funds, inspect the CLI code before running it, require manual approval for every transaction, and avoid sharing secrets in Waku chat.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the invoked CLI or environment is compromised, funds in that wallet could be spent or transferred.
A raw wallet private key grants broad signing authority over the wallet, not just narrowly scoped marketplace access.
export CHEESE_PRIVATE_KEY="0x..." # Your wallet private key
Use a dedicated low-balance wallet for this skill, avoid exposing a primary wallet private key, and confirm every transaction before signing.
The agent could lock, release, or otherwise move real funds if used without careful supervision.
The documented workflows authorize financially significant blockchain actions, but the provided instructions do not define explicit spend caps, confirmation requirements, or transaction-approval boundaries.
Create request — Post job with ETH/USDC escrow + required collateral ... Accept request — Deposit required collateral ... Complete — Release escrow to provider
Require explicit user approval for each on-chain transaction, set maximum spend/collateral limits, and review request addresses and amounts before signing.
Users cannot verify from the supplied skill artifacts what code will handle the private key and transactions.
The skill relies on executing a local TypeScript CLI, while the supplied artifact set contains no code files or install spec to review that implementation.
A unified CLI is available at `~/clawd/cheese/scripts/cheese-cli.ts`: ... `npx tsx scripts/cheese-cli.ts <command> [options]`
Install the CLI only from a trusted source, inspect it before use, pin a known commit/version, and avoid running it with a wallet holding significant funds.
Sensitive task details could be shared with a counterparty or over the marketplace communication channel if the agent includes them in chat.
The marketplace intentionally depends on Waku messages for coordination with counterparties, which may include work details, delivery confirmations, or dispute-related information.
YOU MUST USE WAKU CHAT FOR ALL REQUEST COMMUNICATION.
Do not send secrets or unrelated private data in Waku chat, verify the request address, and treat counterparty messages as untrusted instructions.
A monitoring process may continue running and reacting to marketplace communications until the trade ends.
The skill explicitly asks for a long-running watcher after creating or accepting a request. This is disclosed and purpose-aligned, but users should notice the ongoing activity.
Immediately run: `npx tsx scripts/cheese-cli.ts chat read <request_address> --watch` ... Keep monitoring until the request is completed or cancelled
Start the watcher only for intended requests and stop it after completion, cancellation, or expiry.