Skill v1.0.0
ClawScan security
ZetaChain Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 2:44 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (on-chain balance checks, CCTX tracking, and simple dev guidance); it makes only outward HTTPS queries to public RPC/LCD endpoints and does not request credentials or access unrelated system resources.
- Guidance: This skill appears coherent and limited to querying public blockchain endpoints. Before installing: (1) review and, if desired, replace the bundled RPC/LCD endpoints with providers you trust, or run your own node (RPC requests send addresses and tx hashes to those providers and can be logged); (2) verify the hardcoded TSS addresses if you plan to act on suggested 'target_tss' actions; (3) never provide private keys or seed phrases; the tool does not need them; (4) note that future roadmap items (e.g., OpenRouter LLM integration) would require API keys and increase risk, so re-evaluate when/if those are added; (5) if you need higher assurance, run the script in an isolated environment and audit or pin the network endpoints.
Review Dimensions
- Purpose & Capability (ok): Name/description (ZetaChain asset queries, CCTX tracking, zEVM guidance) align with the included Python script: functions implement balance queries, cross-chain tracking via the Zeta LCD, and a nav/report generator. Nothing in the code requires unrelated credentials or platform access.
- Instruction Scope (ok): SKILL.md instructs running the bundled script (balance, track, nav). The script's runtime behavior is limited to HTTP(S) calls to public RPC/LCD endpoints and local JSON output; it does not read local files or environment variables, and it does not transmit data to endpoints other than the listed node/LCD URLs.
- Install Mechanism (ok): There is no external install step (instruction-only with a bundled script). No downloads from arbitrary URLs or package installs are requested. The presence of a script file is expected and matches the skill's behavior.
- Credentials (ok): The skill declares no required environment variables or credentials, and the code does not attempt to access secrets. It only issues network requests to public RPC/LCD endpoints; the requested privileges are proportionate to the task.
- Persistence & Privilege (ok): The skill is not marked always:true and does not modify other skills or system configuration. Autonomous invocation is allowed by platform default, but the skill itself does not persist credentials or alter agent settings.
