ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

The Formal Gatekeeper: Z3-Verified Safety for Autonomous Agent Plans

v1.3.1

The Formal Gatekeeper: Z3-Verified Safety for Autonomous Agent Plans. Build a formal verification proxy for OpenClaw agents: Z3 SMT solver integration, safet...

0· 89·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose — building a Z3-backed verification proxy that integrates with a payment gateway — reasonably explains requesting a gateway API key, a wallet address, and a signing key for signed requests/payments. However the README claims the GreenHelix sandbox requires no API key while the skill metadata marks GREENHELIX_API_KEY as required; that discrepancy is unexplained and reduces confidence in how credentials are used.
!
Instruction Scope
The SKILL.md describes building a plugin that 'intercepts agent actions automatically', performs proof generation, and pays for verifications via x402 escrow. An instruction-only guide that tells operators to modify agent behavior, sign requests, and wire payments could cause privileged actions (transfers, request signing, agent config changes). Because the skill is instruction-only, there is no code to audit — follow-the-guide steps could lead to modifying runtime behavior or sending signed requests if a user supplies real keys.
Install Mechanism
No install spec and no code files — the skill is instruction-only. That limits the immediate risk of arbitrary binaries being written/executed by the skill package itself. The security surface is the instructions and any credentials the operator provides when following them.
!
Credentials
The skill requires three env vars including AGENT_SIGNING_KEY (a cryptographic key) and WALLET_ADDRESS. Requesting a public wallet address is reasonable, but asking for an agent signing key is sensitive and must be justified; the SKILL.md's text partially justifies it (signing identity for gateway requests) but also says the sandbox needs no API key — creating ambiguity. Supplying a private signing key or wallet-capable credentials to an external guide increases the risk of unauthorized transactions or impersonation.
Persistence & Privilege
always:false (normal) and the skill is user-invocable. However, the guide's goal of creating an always-active proxy that intercepts agent actions plus the presence of payment/signing credentials raises the blast radius: if the resulting integration is deployed with real credentials and left to run autonomously, it could perform or authorize financial operations. The skill itself doesn't force persistence, but following it could enable long-lived privileges.
What to consider before installing
This is an instructional guide that could legitimately require an API key, a wallet address, and a signing key if you intend to deploy a payment-backed verification proxy — but treat those credentials as high-risk. Before following the guide: (1) do not provide real production signing keys or wallets with funds; use the stated sandbox or ephemeral/test credentials only; (2) inspect the full SKILL.md for any steps that instruct modifying agent runtime configuration, installing plugins, or executing shell commands that access system files; (3) require least privilege: prefer read-only or signing-only credentials with strict scopes and short TTLs; (4) prefer hardware-backed signing or multi-sig wallets for any real payments; (5) ask the author to clarify the apparent sandbox/API-key contradiction and to document exactly where/how AGENT_SIGNING_KEY is used and stored; (6) run any integration in an isolated test environment before giving it network or payment access. If you cannot validate those points, avoid supplying private keys or real funds.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk979a5zv517gtyx458hvfzhd5n84wb7gformal-verificationvk979a5zv517gtyx458hvfzhd5n84wb7ggreenhelixvk979a5zv517gtyx458hvfzhd5n84wb7gguidevk979a5zv517gtyx458hvfzhd5n84wb7glatestvk979a5zv517gtyx458hvfzhd5n84wb7gopenclawvk979a5zv517gtyx458hvfzhd5n84wb7gpluginvk979a5zv517gtyx458hvfzhd5n84wb7gsafetyvk979a5zv517gtyx458hvfzhd5n84wb7gsecurityvk979a5zv517gtyx458hvfzhd5n84wb7gsmtvk979a5zv517gtyx458hvfzhd5n84wb7gz3vk979a5zv517gtyx458hvfzhd5n84wb7g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvGREENHELIX_API_KEY, WALLET_ADDRESS, AGENT_SIGNING_KEY
Primary envGREENHELIX_API_KEY

Comments