Skillv1.0.25

ClawScan security

Soulprint · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 2, 2026, 4:04 AM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and instructions largely match its stated purpose (a Node/npm CLI for decentralized identity and validator operation), but there are a few small inconsistencies and privacy-sensitive operations you should verify before installing or running.
Guidance: This skill is coherent with its stated purpose, but it deals with sensitive identity data and installs an npm package that runs code on your machine. Before installing or running it: 1) confirm the exact npm package(s) and publisher (inspect the package on npm and GitHub) to ensure you're installing the official project; 2) run the CLI in a sandbox or container first; 3) do not provide private keys (ADMIN_PRIVATE_KEY) unless you intend to run a validator and fully trust the code; 4) verify the claim that OCR/face matching is 100% local (read the package source to confirm there are no unexpected network uploads); 5) confirm on-chain contract addresses and endpoints are correct; and 6) if you care about privacy, audit or inspect the npm package contents and maintain backups before installing.

Review Dimensions

Purpose & Capability: okName/description (decentralized identity, ZK proofs, validator node) align with the declared binaries (node, npx) and the npm install specification (installs a soulprint CLI). The SKILL.md documents running validator nodes, CLI verify commands, and middleware integration which are appropriate for an identity/validator tool. Minor inconsistency: the install spec lists package "soulprint" while the README shows using packages/commands like `soulprint-network` and `npx soulprint ...` (multiple package names referenced). This is explainable (CLI vs subpackages) but worth confirming the exact package(s) the installer will fetch.
Instruction Scope: noteThe SKILL.md instructs running local OCR, face-matching, and ZK proof generation (e.g., `npx soulprint install-deps` and `npx soulprint verify-me`) — all of which are within the stated purpose but involve sensitive local data (document images, face images). The instructions also reference on-chain queries and an optional Registraduría validation endpoint. The doc does not instruct reading unrelated system files or exfiltrating data, but it does expect network access (blockchain, validator endpoints) and use of local biometric/document data; confirm the tool truly keeps sensitive inputs local and does not transmit them to third-party services.
Install Mechanism: noteInstallation is via an npm package (install spec: node package 'soulprint'), which is expected for a Node CLI. npm installs run arbitrary package code, so this is a moderate-risk mechanism compared with instruction-only skills. No external arbitrary download URLs or archive extraction are specified. Verify the package name/version and publisher on the npm registry and inspect package contents if possible before installing.
Credentials: noterequires.env is empty in metadata, which is reasonable for a general CLI. However SKILL.md examples show sensitive environment variables (ADMIN_PRIVATE_KEY, ADMIN_TOKEN) for running a validator node — appropriate for the documented operation but not declared as required. This is not inherently incoherent (validator nodes legitimately need private keys), but users should not provide private keys unless they intend to run a validator and trust the package. Also confirm whether the tool will prompt for or read files (images, camera) and whether those remain local.
Persistence & Privilege: okNo elevated platform privileges are requested: always is false, user-invocable true, and there is no indication the skill modifies other skills or system-wide agent settings. The npm install will write files to disk (normal for a CLI) but does not claim to persistently alter agent configuration beyond installing a binary.