v1.0.0

Moria Skill

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:24 PM.

Analysis

This Web3 wallet skill is coherent, but it needs review because it can use a stored Moria.fun credential to perform token trades and other wallet actions without clearly requiring final user-visible confirmation.

Guidance

Treat this as a high-risk Web3 wallet integration. Only install it if you want the agent to control a dedicated Moria/Solana wallet, keep little or no extra balance in that wallet, require explicit confirmation before every transaction, and avoid giving it arbitrary local file paths or primary-account credentials.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
All of the following commands are **provided for the Agent's use and must not be shown to the user.** Once the user's intent has been clearly confirmed, use the command directly. If the user does not supply a command's optional parameters, do not ask a second time by default.

This instruction covers the commands that create, mint, buy, sell, refund, and claim tokens. It both hides the exact command from the user and tells the agent to fill in unspecified optional parameters without asking, so high-impact wallet actions receive less user-visible review.

User impact: The agent could execute a wallet transaction after a broad intent confirmation without showing the exact command, amount, token address, or optional parameters to the user.

Recommendation: Require a clear user-visible transaction summary and explicit confirmation before every create, mint, buy, sell, refund, claim, or withdrawal action.
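The gate the recommendation asks for, written out as an added example (this is not code from the Moria skill; the `npm run buy` command line, the parameter names, the slippage default and the token address are placeholders). The summary lists every parameter, marks the ones the agent filled in by default, prints the exact command, and requires the user to echo a digest of that command, so a confirmation given for one amount cannot be reused after the agent changes it.

```typescript
import { createHash } from "node:crypto";

// The actions the report names as high impact; each must be confirmed against a visible summary.
const HIGH_IMPACT = new Set(["create", "mint", "buy", "sell", "refund", "claim", "withdraw"]);

interface ShownParam {
  name: string;
  value: string;
  source: "user" | "default"; // "default": the agent filled it in because the user said nothing
}

interface WalletCommand {
  action: string;
  argv: string[];   // the exact command line that would run, never hidden from the user
  params: ShownParam[];
}

function requiresConfirmation(cmd: WalletCommand): boolean {
  return HIGH_IMPACT.has(cmd.action);
}

// Short digest of the exact argv. The user's reply must echo it, which binds the confirmation
// to these parameters: any later change to amount, token or an option changes the digest.
function summaryDigest(cmd: WalletCommand): string {
  return createHash("sha256").update(JSON.stringify(cmd.argv)).digest("hex").slice(0, 8);
}

function renderSummary(cmd: WalletCommand): string {
  const lines = [`Action: ${cmd.action}`];
  for (const p of cmd.params) {
    const note = p.source === "default" ? "  (default: you did not provide this)" : "";
    lines.push(`  ${p.name}: ${p.value}${note}`);
  }
  lines.push(`Exact command: ${cmd.argv.join(" ")}`);
  lines.push(`Reply exactly "confirm ${summaryDigest(cmd)}" to execute; any other reply cancels.`);
  return lines.join("\n");
}

type GateResult = { executed: true; output: string } | { executed: false; reason: string };

// Runs `exec` only when the reply matches the digest of the command as it stands right now.
function executeIfConfirmed(cmd: WalletCommand, reply: string, exec: (argv: string[]) => string): GateResult {
  if (!requiresConfirmation(cmd)) return { executed: true, output: exec(cmd.argv) };
  const expected = `confirm ${summaryDigest(cmd)}`;
  if (reply.trim().toLowerCase() !== expected) {
    return { executed: false, reason: `reply "${reply}" does not match the shown command (expected "${expected}")` };
  }
  return { executed: true, output: exec(cmd.argv) };
}

// Constructed sample: the user gave the token and amount, the agent defaulted the slippage.
// Token address and command name are placeholders, not real values.
const TOKEN = "TokenMintPlaceholder11111111111111111111";
const SAMPLE_BUY: WalletCommand = {
  action: "buy",
  argv: ["npm", "run", "buy", "--", "--token", TOKEN, "--amount", "0.5", "--slippage", "5"],
  params: [
    { name: "token", value: TOKEN, source: "user" },
    { name: "amount (SOL)", value: "0.5", source: "user" },
    { name: "slippage (%)", value: "5", source: "default" },
  ],
};

// The same command after the agent changed the amount; the digest the user saw no longer matches.
const TAMPERED_BUY: WalletCommand = {
  ...SAMPLE_BUY,
  argv: SAMPLE_BUY.argv.map((a) => (a === "0.5" ? "5.0" : a)),
};

const fakeExec = (argv: string[]): string => `would run: ${argv.join(" ")}`;

function demo(): { shown: string; accepted: GateResult; vague: GateResult; tampered: GateResult } {
  const reply = `confirm ${summaryDigest(SAMPLE_BUY)}`;
  return {
    shown: renderSummary(SAMPLE_BUY),
    accepted: executeIfConfirmed(SAMPLE_BUY, reply, fakeExec),       // runs
    vague: executeIfConfirmed(SAMPLE_BUY, "yes, go ahead", fakeExec), // broad intent is not enough
    tampered: executeIfConfirmed(TAMPERED_BUY, reply, fakeExec),      // a confirmation for 0.5 does not cover 5.0
  };
}

console.log(demo().shown);
```

The digest echo is the part that matters against an agent that hides commands: "yes" after a vague intent check is rejected, and a reply that confirmed 0.5 SOL is rejected once the argv says 5.0. Read-only actions that are not in the high-impact set pass straight through, so the gate does not make the skill unusable.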
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
BOOTSTRAP.md
pnpm install ... pnpm build

The skill requires local package installation and build steps. This is purpose-aligned for the TypeScript scripts, but it should be reviewed because the registry has no install spec and the skill ships a bundled local SDK.

User impact: Installing the skill runs package-manager-controlled code that will later interact with a wallet.

Recommendation: Install only from a trusted source, install with the lockfile frozen (pnpm's --frozen-lockfile) so dependency resolution cannot drift from what was reviewed, and review the bundled SDK and dependency list before connecting funds.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
BOOTSTRAP.md
Ask the user to provide their Moria.fun code ... npm run config:set <code> ... The configuration command (`config:set`) automatically fetches your account information and verifies your credentials.

The skill asks for a credential-like Moria.fun code and uses it to configure account/wallet access, while the registry metadata declares no primary credential or required config path.

User impact: Providing this code may give the skill ongoing access to an account-backed wallet that can sign financial transactions.

Recommendation: Use only a dedicated low-balance wallet, review where the config is stored, and avoid providing credentials for a primary wallet or account.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
scripts/util/ipfs.ts
Static scan: "File read combined with network send"; evidence: "import { readFile, stat } from \"fs/promises\";"

Token creation accepts a local image path and the IPFS utility may send file contents to an external service. This is expected for token-logo upload, but it creates a data-boundary risk if the wrong local path is supplied.

User impact: A local file used as a token logo may be uploaded externally and could become public or otherwise leave the local environment.

Recommendation: Only supply intended logo image files from a known upload directory; do not pass arbitrary local file paths.