Skill v0.1.0
ClawScan security
Archon Cashu · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 25, 2026, 6:44 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime steps match its stated purpose, but important inconsistencies and risky behaviors (unencrypted backups to IPFS and automated npx execution of remote packages) make it worth caution before installing or running.
- Guidance: This skill does what it says (Cashu + Archon DID operations) but has two practical risks you should weigh:
  1. backup.sh advertises encryption but actually tars and uploads wallet data to IPFS (via a local IPFS API) without an encryption step, which can expose sensitive wallet data if your IPFS node is publicly accessible;
  2. the scripts call npx --yes @didcid/keymaster (and other npx invocations), which will fetch and execute code from npm on demand with no verification.

  Before installing/using:
  - (a) review the scripts in full and confirm an encryption step or add one yourself for backups (e.g., gpg/age encrypt the tarball before uploading);
  - (b) run this skill only on a machine where running npx-installed tooling is acceptable (or preinstall and pin @didcid/keymaster and remove the npx calls);
  - (c) ensure your IPFS node is private or avoid uploading unencrypted backups to IPFS;
  - (d) verify local Archon keymaster endpoints (localhost:4224/4226) are the intended targets; and
  - (e) consider testing in an isolated environment (VM or container) and auditing the npx package(s) the skill will pull.
Review Dimensions
- Purpose & Capability: ok. Name/description (Archon + Cashu DID/P2PK operations) align with the included scripts: send/receive/mint/lock/backup, DID resolution, and optional LNbits/npub.cash integrations. Requested env vars (wallet path, passphrase, config) and required binaries (cashu, node/npx for DID tooling, curl/jq) are expected for this scope.
- Instruction Scope: concern. Runtime instructions and scripts reference local Archon keymaster APIs and an IPFS daemon on localhost (expected for an Archon node), but the backup flow contradicts its own comment: backup.sh claims to 'encrypt' wallet proofs yet the script only tars and uploads the archive to IPFS (no encryption step). That could expose sensitive wallet data. Scripts also invoke npx --yes @didcid/keymaster at runtime, which will fetch and execute code from npm without prior installation or verification.
- Install Mechanism: note. There is no formal install spec (instruction-only), but scripts rely on runtime package pulls (npx --yes ...) and on pip-installed 'cashu'. Using npx in this way is a de facto runtime install that executes remote code; that increases risk compared to using preinstalled, pinned packages.
- Credentials: note. Required env vars (ARCHON_WALLET_PATH, ARCHON_PASSPHRASE, ARCHON_CASHU_CONFIG) are appropriate for a wallet/Archon-integrated tool. The skill may also use LNbits credentials if configured, but those are optional. No unrelated cloud credentials are requested. However, the primary config file is written to/updated by scripts, and backups include metadata (hostname, sha256) that could leak system-identifying data.
- Persistence & Privilege: ok. The skill is not always-enabled and does not request elevated platform privileges. It writes only to its own config file and uses local Archon APIs; it does not modify other skills or global agent settings.
