$CLAW Mining - Proof of AI Work

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: claw-mining
Version: 1.0.3

The skill bundle facilitates automated cryptocurrency mining ($CLAW) on Ethereum, which involves high-risk operations such as managing an Ethereum private key and executing on-chain transactions. While the implementation in 'miner/src/' appears professional and includes significant security safeguards—such as local transaction signing in 'chain.ts', HTTPS enforcement for the Oracle in 'config.ts', and explicit instructions in 'SKILL.md' to prevent the AI agent from directly handling the private key—the inherent risks of automated wallet management and the potential for credential exposure during the interactive 'init' process in 'index.ts' warrant a suspicious classification. No evidence of intentional malicious behavior or data exfiltration to unauthorized endpoints was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You may end up running code different from the reviewed package, and that code would be in a position to use your mining wallet key.

Why it was flagged

The setup pulls code and dependencies from a mutable remote source rather than a pinned release. Because the miner later uses wallet/private-key material, changes in that remote code or dependencies could affect high-impact wallet operations.

Skill content

git clone https://github.com/Cliai21/clawing.git
cd clawing/miner
npm install

Recommendation

Only install from a pinned, reviewed commit or release; inspect the code and dependency lockfile before entering any wallet key; use a dedicated low-balance hot wallet.

What this means

Users may trust the setup flow more than warranted and paste a wallet private key into a CLI path they believed would never request or store it.

Why it was flagged

This reassurance is contradicted by the provided CLI code, which can ask whether to enter the private key now, prompt for it, and write it into .env. The mismatch matters because private-key handling is the highest-risk part of the skill.

Skill content

The `init` command never asks for or writes your private key — you paste it into `.env` yourself

Recommendation

Treat all private-key entry as sensitive; decline CLI private-key entry unless you fully trust the local code, and if you do proceed, use only a dedicated low-funds wallet key.

What this means

Anyone or any code with access to that .env private key could control the mining wallet funds and transactions.

Why it was flagged

The CLI can collect and store a wallet private key locally. This is purpose-aligned for local Ethereum transaction signing, and the file is written with owner-only permissions, but it is still high-impact credential handling.

Skill content

const wantsKey = (await ask('? Enter private key now? [y/N] (you can add it to .env later): ')).toLowerCase();
...
privateKeyValue = await ask('? Paste your private key (0x...): ');
...
fs.writeFileSync('.env', envContent, { mode: 0o600 });

Recommendation

Use only a new dedicated hot wallet with minimal ETH; never use a main wallet or hardware-wallet seed/private key; remove the key when you are done mining.

What this means

If left running, the miner can continue incurring transaction fees and AI API usage costs.

Why it was flagged

The auto mode repeatedly performs mining cycles and waits through cooldowns. This matches the mining purpose and has Ctrl+C shutdown behavior, but it can keep spending gas and AI API credits without per-cycle confirmation.

Skill content

while (running) {
  ...
  const reward = await mineOnce(deps);
  ...
  await sleep(waitSeconds * 1000, () => running);
}

Recommendation

Run auto mode only intentionally, set conservative gas/API limits, monitor spending, and stop the process when you no longer want it mining.

What this means

Any custom task prompt or AI output used for mining is shared with the Oracle service.

Why it was flagged

The miner sends the AI request and response to the Oracle for verification. This is disclosed and purpose-aligned, but it means the Oracle receives the prompt content, miner address, nonce, and AI output.

Skill content

api_response: aiResponse,
api_request: { model: config.aiModel, messages }

Recommendation

Do not put personal or confidential information in the mining task prompt; use the default generic prompt unless you understand what will be sent.