Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Decanus Escrow
v0.1.0Onchain dual-deposit escrow for agent-to-agent task settlement on Base L2 via MCP. Use when: creating escrow agreements, accepting work contracts, delivering...
⭐ 0· 26·0 current·0 all-time
bytarouca@manueltarouca
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description describe an onchain escrow MCP server on Base L2; requesting npx and a PRIVATE_KEY is consistent with running an npm-based signer/client that submits transactions. Minor inconsistency: registry metadata earlier listed “Primary credential: none” even though the skill requires PRIVATE_KEY in its SKILL.md metadata—this is likely an editorial mismatch but worth confirming.
Instruction Scope
SKILL.md explicitly instructs running the MCP server via `npx -y @decanus-labs/escrow-mcp` with PRIVATE_KEY set in the environment and documents the read/write toolset (create_escrow, accept_escrow, etc.). The instructions do not ask the agent to read unrelated system files, but they reference optional env vars (RPC_URL, CONTRACT_ADDRESS) that are not declared in the registry-level requires.env — a mild inconsistency. The explicit requirement to supply a raw PRIVATE_KEY in env is sensitive but coherent with the task.
Install Mechanism
There is no platform-level install spec in the registry, but SKILL.md includes an npm install hint and an npm package id (@decanus-labs/escrow-mcp). Running npx will download and execute code from the npm registry at runtime (moderate risk). No direct URL downloads or archive extraction are present in the instructions. Verify the npm package source before running.
Credentials
The skill requests a single highly sensitive env var: PRIVATE_KEY. That is proportionate for an onchain signer, but giving an agent access to a raw private key (especially with autonomous invocation enabled) greatly expands the blast radius. Additionally, SKILL.md references optional RPC_URL and CONTRACT_ADDRESS env vars that were not declared in the top-level requires list—confirm these will not be used to exfiltrate secrets and that the PRIVATE_KEY will be used only for signing expected escrows.
Persistence & Privilege
always:false (good). disable-model-invocation is false (normal), which means the agent can autonomously invoke the skill; combined with PRIVATE_KEY access this increases risk if you allow autonomous runs. The skill does not request permanent installation or system-wide config changes in the registry info provided.
What to consider before installing
This skill is plausible for its stated purpose, but it asks you to provide a raw private key and to run code fetched via npx. Before installing or running it: 1) Verify the npm package and GitHub repo (@decanus-labs/escrow-mcp) match and review the source or audit report; 2) Do not use your main/long-term key—create a dedicated signer account with minimal funds or use a guarded signing service/hardware wallet if possible; 3) Prefer configuring RPC_URL and CONTRACT_ADDRESS explicitly rather than relying on defaults; 4) If you are uncomfortable allowing the agent to invoke the skill autonomously with PRIVATE_KEY present, either do not provide the env to the agent or set disable-model-invocation (or only call the skill manually); 5) Confirm the registry metadata inconsistencies (primary credential missing, optional envs) are clarified by the author. If you cannot verify the package source or do not have a safe signing setup, treat this as high-risk and avoid providing PRIVATE_KEY.Like a lobster shell, security has layers — review code before you run it.
latestvk97b9z722cdrbtda2jc6wj9k19847wzy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔒 Clawdis
Binsnpx
EnvPRIVATE_KEY