Skill v0.2.0
ClawScan security
Xflows Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 6:23 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (it is an instruction-only wrapper around the xflows CLI) but has a few documentation/metadata gaps and carries expected sensitive-ops risks (wallet/private-key handling) that you should understand before use.
- Guidance
- This skill is a documentation wrapper for the xflows CLI and is coherent with its stated purpose, but it operates on sensitive private keys and wallet files. Before installing or using it:
  1. Verify the xflows npm package provenance (official GitHub repo and trusted npm publisher) before running `npm install -g xflows`.
  2. Do not import or reveal real private keys to the skill unless you fully trust the CLI and environment; prefer encrypted wallets or hardware wallets.
  3. Test flows with dry-run and very small amounts first.
  4. Be cautious with `wallet show` (it prints private keys) and with commands using `--private-key`.
  5. Check ~/.xflows/wallets/ if you use the CLI, to understand where keys are stored.
  6. Request that the skill metadata be updated to declare the xflows binary dependency so the dependency is explicit.

  If you need higher assurance, require explicit human confirmation before any send/transfer command and/or disable autonomous invocation for this skill.
- Findings
- [no-findings] (expected): The regex-based scanner had no code files to analyze (instruction-only). Absence of findings is not evidence of safety; the SKILL.md itself contains the runtime behavior.
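The guidance above says to look at ~/.xflows/wallets/ to understand where keys live and warns that some commands print private keys. The script below is an added example for this review, not code from the xflows project or the skill. It assumes only what the review states (wallets are `~/.xflows/wallets/<name>.json`, some encrypted); the JSON layout is not documented, so the check deliberately ignores field names and flags any string shaped like a raw 32-byte hex key, using the field name only to rank the hit. The two sample wallet files it writes are constructed for the demo and contain no real keys.

```python
"""Hygiene check for wallet files under ~/.xflows/wallets/.

Added example for this review; not part of the xflows CLI or the skill.
Assumptions: wallet files are <name>.json in that directory (per the review);
field names and layout are unknown, so the scan is shape-based.
"""
from __future__ import annotations

import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Shape of a raw secp256k1 private key: 64 hex chars, optional 0x prefix.
RAW_KEY_RE = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")
# Field-name fragments that mark a value as a secret rather than, say, ciphertext.
SECRET_NAME_HINTS = ("private", "secret", "mnemonic", "seed")
DEFAULT_WALLET_DIR = Path.home() / ".xflows" / "wallets"


def _walk_strings(node, path=""):
    """Yield (json_path, value) for every string anywhere in a JSON document."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from _walk_strings(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from _walk_strings(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def inspect_wallet(path: Path) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one wallet file; [] means clean."""
    findings: list[tuple[str, str]] = []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("medium", f"mode {mode:04o} is readable by group/other; expected 0600"))
    try:
        doc = json.loads(path.read_text())
    except (OSError, ValueError) as exc:
        findings.append(("review", f"unreadable or not JSON: {exc}"))
        return findings
    for json_path, value in _walk_strings(doc):
        if not RAW_KEY_RE.match(value):
            continue
        if any(hint in json_path.lower() for hint in SECRET_NAME_HINTS):
            findings.append(("high", f"{json_path!r} holds a likely plaintext private key"))
        else:
            # A 32-byte keystore ciphertext has the same shape, so do not call it a leak.
            findings.append(("review", f"{json_path!r} is a 32-byte hex value; confirm it is not a raw key"))
    return findings


def scan_wallet_dir(wallet_dir: Path = DEFAULT_WALLET_DIR) -> dict[str, list[tuple[str, str]]]:
    """Inspect every *.json wallet in the directory, keyed by file name."""
    if not wallet_dir.is_dir():
        return {}
    return {p.name: inspect_wallet(p) for p in sorted(wallet_dir.glob("*.json"))}


def build_demo_dir() -> Path:
    """Write two constructed wallet files (sample data, not real keys) to a temp dir."""
    demo = Path(tempfile.mkdtemp(prefix="xflows-demo-"))
    hot = {"name": "hot", "address": "0x" + "11" * 20, "privateKey": "0x" + "ab" * 32}
    cold = {"name": "cold", "address": "0x" + "22" * 20,
            "crypto": {"kdf": "scrypt", "ciphertext": "cd" * 32, "mac": "ef" * 16}}
    (demo / "hot.json").write_text(json.dumps(hot))
    (demo / "cold.json").write_text(json.dumps(cold))
    os.chmod(demo / "hot.json", 0o644)   # deliberately loose, to show the finding
    os.chmod(demo / "cold.json", 0o600)
    return demo


if __name__ == "__main__":
    target = DEFAULT_WALLET_DIR if DEFAULT_WALLET_DIR.is_dir() else build_demo_dir()
    for name, findings in scan_wallet_dir(target).items():
        print(name, findings or "clean")
```

Run it with no arguments: it scans the real wallet directory if present, otherwise the constructed demo. A "high" finding means a raw key sits next to a field named like a secret and should be moved into an encrypted wallet; a "review" finding is a 64-hex value whose field name says nothing, which is exactly what a keystore's ciphertext looks like, so it needs a human glance rather than an alarm.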
Review Dimensions
- Purpose & Capability
- note: The SKILL.md clearly describes cross-chain and same-chain wallet and transfer operations via the xflows CLI, which matches the skill name/description. However, the skill expects the external xflows CLI (it tells users to run `npm install -g xflows`), but the registry metadata declares no required binaries; this mismatch should be fixed so callers know the binary dependency upfront.
- Instruction Scope
- note: All instructions are limited to using the xflows CLI (queries, quotes, send, transfer, status, wallet management). These operations necessarily create, import, show, and sign with private keys (e.g., `wallet show`, `wallet create --private-key`, encrypted wallets requiring `--password`). The SKILL.md does not instruct the agent to read unrelated system files or environment variables, but it does document wallet files stored under ~/.xflows/wallets/<name>.json and commands that will reveal private keys if invoked; this is expected for the purpose but is sensitive and should be treated accordingly.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only), but SKILL.md requires installing the xflows npm package (`npm install -g xflows`). Installing a third-party npm CLI is a moderate-risk operation; users should verify the package source and integrity (e.g., official GitHub repository, npm package owner) before installing globally.
- Credentials
- ok: The skill declares no required environment variables or credentials. That is proportionate: the described CLI-based workflow uses local wallet files and optional RPC URLs supplied as flags. There are no unexplained credential requests in metadata or the instructions.
- Persistence & Privilege
- ok: The skill is not marked always:true and has no install-time persistence spec; it does not request system-wide privileges or alter other skills' configs. Note: the skill enables the agent to run wallet-manipulating CLI commands autonomously (default model invocation is not disabled), which increases the operational risk if the agent is allowed to act without human confirmation.
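The Persistence & Privilege note and the closing line of the Guidance both come down to one control: do not let the agent move funds or print keys without a human in the loop. The wrapper below is an added example for this review, not part of xflows or the skill. It sits between an agent harness and the CLI and encodes that policy: `send`/`transfer` require an explicit confirmation of the exact argv, `wallet show` is refused outright because the review says it prints private keys, a `--private-key` on the command line is refused because it lands in process listings and shell history, and `--private-key`/`--password` values are masked before any argv is logged. The subcommand and flag names are the ones the review mentions; the decision policy, the `gate`/`redact` names and the argument placement in the examples are this example's assumptions.

```python
"""Confirmation gate for an agent invoking the xflows CLI.

Added example for this review; not part of xflows or the skill. Subcommands
and flags below are the ones named in the review; the policy is an assumption.
"""
from __future__ import annotations

import subprocess
import sys

VALUE_MOVING = {"send", "transfer"}        # irreversible once broadcast
KEY_REVEALING = {("wallet", "show")}       # prints private keys (per the review)
SECRET_FLAGS = ("--private-key", "--password")
REDACTED = "<redacted>"


def redact(argv: list[str]) -> list[str]:
    """Mask secret flag values in both `--flag value` and `--flag=value` forms."""
    out: list[str] = []
    mask_next = False
    for arg in argv:
        if mask_next:
            out.append(REDACTED)
            mask_next = False
            continue
        flag, sep, _ = arg.partition("=")
        if flag in SECRET_FLAGS:
            out.append(f"{flag}={REDACTED}" if sep else flag)
            mask_next = not sep   # value follows as the next argv element
            continue
        out.append(arg)
    return out


def gate(argv: list[str], confirmed: bool = False) -> dict[str, str]:
    """Decide allow / confirm / deny for one xflows invocation.

    `confirmed` is True only when a human approved this exact argv, e.g. after
    the harness showed them the redacted form and they answered yes.
    """
    display = "xflows " + " ".join(redact(argv))
    if any(a == "--private-key" or a.startswith("--private-key=") for a in argv):
        return {"decision": "deny", "display": display,
                "reason": "a private key on the command line is visible in process "
                          "listings and shell history; do that import by hand in a terminal"}
    if tuple(argv[:2]) in KEY_REVEALING:
        return {"decision": "deny", "display": display,
                "reason": "wallet show prints private keys; never run it through the agent"}
    if argv and argv[0] in VALUE_MOVING:
        if confirmed:
            return {"decision": "allow", "display": display,
                    "reason": "human confirmed this exact command"}
        return {"decision": "confirm", "display": display,
                "reason": "moves funds; show the redacted command to a human first"}
    return {"decision": "allow", "display": display, "reason": "read-only or local operation"}


def run_guarded(argv: list[str], confirmed: bool = False):
    """Apply the gate and, only on allow, run the real CLI; log only the redacted form."""
    verdict = gate(argv, confirmed)
    print(f"[{verdict['decision']}] {verdict['display']}: {verdict['reason']}", file=sys.stderr)
    if verdict["decision"] != "allow":
        return None
    try:
        return subprocess.run(["xflows", *argv], check=False)
    except FileNotFoundError:
        print("xflows is not installed; verify the package before installing it", file=sys.stderr)
        return None


if __name__ == "__main__":
    # Usage: python gate.py send ...   (a human must re-run with confirmed=True)
    run_guarded(sys.argv[1:])
```

The harness should call `gate()` first, present `display` (never the raw argv) to the human, and only then call `run_guarded(argv, confirmed=True)` with the identical list; re-deriving the argv after approval would let the agent swap the destination between confirmation and execution.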
