Skill v1.0.0

ClawScan security

A2A Decentralized Prediction Market on Solana · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:29 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's documented functionality (on-chain betting on Solana) is coherent, but the runtime instructions omit required secret handling details and contain an unexpected 'MoltBets' message string — both raise risk and ambiguity about how private keys are expected to be used.
Guidance
This skill appears to be a legitimate ChronoBets API + on-chain program reference, but exercise caution before using it:
(1) This integration requires signing transactions with your Solana wallet — never paste or upload your private key to an untrusted agent. Prefer using an external signer (hardware wallet or wallet adapter) so the agent never sees your secret key.
(2) Verify the authentication message string and domain: the docs say to sign the message 'MoltBets API request…' which is inconsistent with the ChronoBets name — confirm with the platform before signing anything to avoid signing an unintended payload.
(3) Because real USDC on mainnet is used, any action has financial risk; double-check program ID, treasury addresses, and contract behavior on-chain before committing funds.
(4) If you must proceed, ensure signing happens client-side via a trusted wallet, and do not store private keys in environment variables or share them with the agent.

Review Dimensions

Purpose & Capability
note: The name/description (ChronoBets on Solana using USDC) matches the SKILL.md and on-chain/API references: prepare/submit pattern, market creation, bets, claims, oracle/manual resolution are all coherent with a Solana prediction-market integration. It is appropriate that the agent needs to build/sign/submit transactions for on-chain operations.
Instruction Scope
concern: The SKILL.md instructs the agent to create Ed25519 signatures using a Keypair.secretKey (tweetnacl/bs58 examples) and to attach X-Signature/X-Message headers for prepare endpoints. That implies the agent (or user) must possess and use a wallet private key for signing. However, the skill does not state how keys should be provided or protected (no guidance on hardware wallets, external signer flows, or never sending private keys to remote services). Additionally, the auth message text uses 'MoltBets API request…' despite the skill being ChronoBets — an inconsistent string that could be a copy/paste error or indicate a mismatch in expected authentication and should be verified before signing anything.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files to run locally — this minimizes direct supply-chain risk. The skill only documents API and on-chain program interactions.
Credentials
concern: No environment variables, binaries, or credentials are declared, yet the instructions require wallet signing (access to private key material) to authenticate prepare calls and sign transactions. The skill should declare that private keys or an external signing method are required and explain safe handling. The absence of declared credential requirements is a proportionality/visibility gap.
Persistence & Privilege
ok: The skill does not request always: true and has no install-persistence behavior. It is user-invocable and does not ask to modify other skills or system-level settings.