Skillv1.1.2

ClawScan security

Hunazo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 28, 2026, 11:26 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (on‑chain purchases) aligns with requiring a signing key, but the metadata and instructions contain mismatches and a potentially risky expectation that your raw WALLET_PRIVATE_KEY be present in the agent environment — this is disproportionate and could enable autonomous spending if not carefully controlled.
Guidance: This skill appears to be what it claims (a marketplace that needs on‑chain signing), but there are metadata and deployment concerns you should address before enabling it: - Do not place your raw wallet private key in a general-purpose environment variable unless you understand the risk. Prefer a hardware wallet, an external signer, or Coinbase Agentic Wallet (MPC) as suggested in the docs. - The skill metadata marks WALLET_PRIVATE_KEY as required even though the SKILL.md says it's only needed for buying. Expect the platform to prompt for the env var at enable time; decline if you can't provide the key securely. - The metadata lists only curl but the signing flow requires a local x402 client/library; confirm how signing will be performed on your agent host and that the x402 client you use is trusted and installed separately. - Because the agent can invoke the skill autonomously, a private key accessible to the agent could be used to make purchases without additional confirmations. If you enable this skill, restrict when and how it can be invoked (manual invocation or additional prompts), or keep the signing key in a secure signer that requires explicit approval. If you want to proceed, verify the x402 client implementation you will use, prefer delegated/MPC signing, and avoid storing private keys in plain environment variables accessible by the agent runtime.

Review Dimensions

Purpose & Capability: noteMarketplace + on‑chain escrow justifies needing a signing key for purchases. However, the registry metadata marks WALLET_PRIVATE_KEY as a required env var even though the SKILL.md itself says the key is only needed for buying (not for browsing/selling). Also the skill lists curl as the only required binary but relies on a local x402 signing client (not declared), creating an expectation mismatch.
Instruction Scope: okSKILL.md instructs the agent to call Hunazo APIs via HTTPS and to perform x402 signing locally; it does not instruct the agent to read unrelated files or exfiltrate data. The instructions explicitly state that private keys are 'never sent to Hunazo' and that signing happens client‑side.
Install Mechanism: okInstruction-only skill with no install spec or downloads; nothing written to disk by the skill itself. This is low install risk.
Credentials: concernRequesting WALLET_PRIVATE_KEY in requires.env is sensitive. It is plausible for purchases, but marking it as globally required is disproportionate (not needed for browsing/selling). The skill does not declare a primary credential despite requesting a raw private key, and it fails to declare the x402 client dependency; both are metadata inconsistencies. Storing a raw private key in an environment variable accessible to an autonomous agent increases risk of unintended transactions.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated persistence. However, because model invocation is allowed (default), an agent could autonomously use a WALLET_PRIVATE_KEY present in its environment to make purchases — this is a platform/usage risk rather than a platform misconfiguration of the skill itself.