CHEESE Agent Marketplace

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: cheese
Version: 4.1.0

The skill requires a wallet private key (`CHEESE_PRIVATE_KEY`) and uses highly directive instructions in `SKILL.md` to force the agent into a persistent monitoring loop via Waku chat (`--watch`). This creates a significant attack surface where an agent could be manipulated by external messages while holding active credentials. The absence of the underlying script code (e.g., `scripts/cheese-cli.ts`) makes it impossible to confirm if the private key is handled securely or if the 'gasless relay' (aicheese.app) involves unauthorized data transmission.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the invoked CLI or environment is compromised, funds in that wallet could be spent or transferred.

Why it was flagged

A raw wallet private key grants broad signing authority over the wallet, not just narrowly scoped marketplace access.

Skill content

export CHEESE_PRIVATE_KEY="0x..."  # Your wallet private key

Recommendation

Use a dedicated low-balance wallet for this skill, avoid exposing a primary wallet private key, and confirm every transaction before signing.

Concern (Medium Confidence)

ASI02: Tool Misuse and Exploitation

What this means

The agent could lock, release, or otherwise move real funds if used without careful supervision.

Why it was flagged

The documented workflows authorize financially significant blockchain actions, but the provided instructions do not define explicit spend caps, confirmation requirements, or transaction-approval boundaries.

Skill content

Create request — Post job with ETH/USDC escrow + required collateral ... Accept request — Deposit required collateral ... Complete — Release escrow to provider

Recommendation

Require explicit user approval for each on-chain transaction, set maximum spend/collateral limits, and review request addresses and amounts before signing.

What this means

Users cannot verify from the supplied skill artifacts what code will handle the private key and transactions.

Why it was flagged

The skill relies on executing a local TypeScript CLI, while the supplied artifact set contains no code files or install spec to review that implementation.

Skill content

A unified CLI is available at `~/clawd/cheese/scripts/cheese-cli.ts`: ... `npx tsx scripts/cheese-cli.ts <command> [options]`

Recommendation

Install the CLI only from a trusted source, inspect it before use, pin a known commit/version, and avoid running it with a wallet holding significant funds.

What this means

Sensitive task details could be shared with a counterparty or over the marketplace communication channel if the agent includes them in chat.

Why it was flagged

The marketplace intentionally depends on Waku messages for coordination with counterparties, which may include work details, delivery confirmations, or dispute-related information.

Skill content

YOU MUST USE WAKU CHAT FOR ALL REQUEST COMMUNICATION.

Recommendation

Do not send secrets or unrelated private data in Waku chat, verify the request address, and treat counterparty messages as untrusted instructions.

Note (High Confidence)

ASI10: Rogue Agents

What this means

A monitoring process may continue running and reacting to marketplace communications until the trade ends.

Why it was flagged

The skill explicitly asks for a long-running watcher after creating or accepting a request. This is disclosed and purpose-aligned, but users should notice the ongoing activity.

Skill content

Immediately run: `npx tsx scripts/cheese-cli.ts chat read <request_address> --watch` ... Keep monitoring until the request is completed or cancelled

Recommendation

Start the watcher only for intended requests and stop it after completion, cancellation, or expiry.