Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alkahest User

v1.0.0

Interact with Alkahest escrow contracts as a buyer, seller, or oracle using the CLI

by @mlegls
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to be an interaction helper for Alkahest escrows (CLI + TS SDK), which legitimately needs wallet credentials and RPC endpoints. However, the registry metadata lists no required env vars, no primary credential, and no required binaries while the SKILL.md explicitly instructs use of private keys, mnemonics, and RPC URLs (flags and env vars like ALKAHEST_PRIVATE_KEY, ALKAHEST_MNEMONIC, PRIVATE_KEY and --private-key). That mismatch between declared requirements and actual instructions is incoherent.
Instruction Scope
The SKILL.md tells the agent/user to provide raw private keys or mnemonics (via flags or env vars) and includes code examples that embed private keys in code (TS SDK sample uses privateKeyToAccount("0xYOUR_PRIVATE_KEY")). It also describes long-running auto-arbitration listeners. While these actions are within the functional scope of an escrow CLI/SDK, the instructions explicitly require handling highly sensitive secrets and long-running automation and do not limit or warn about exfiltration or safe handling, and they reference env vars that were not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill (no install spec, no code files executed by the platform). That minimizes direct installation risk because nothing is downloaded or written by the skill itself. The SKILL.md does instruct the user to install an external npm package (npm install -g alkahest-cli) outside the skill — which is expected for a CLI helper but means package provenance must be checked by the user.
Credentials
The skill requires sensitive credentials to function (private keys, mnemonics, and RPC URLs) as shown in flags/env examples, but the registry metadata declares no required env variables or primary credential. This omission prevents automated gating/visibility of secret access. Requesting raw private keys and mnemonics (or embedding them in code) is high-privilege and should be explicit and limited; the skill does not make that explicit in metadata.
Persistence & Privilege
The skill is not always-enabled (always: false) and does not request persistent system-wide privileges. Autonomous invocation is allowed (platform default), which combined with the skill's ability to instruct use of secrets could increase risk, but there is no explicit 'always' or other elevated privilege requested by the skill itself.
What to consider before installing
This skill's documentation shows exactly how to operate the Alkahest CLI/SDK and repeatedly instructs you to supply private keys, mnemonics, or RPC URLs — but the registry metadata does not declare those secrets. Before installing or following these instructions:
- Treat the examples as demonstrating sensitive operations: supplying a raw private key or mnemonic gives full custody of funds. Never paste a production private key or mnemonic into a third-party CLI or code snippet unless you fully trust and have audited the target package.
- Verify the alkahest-cli npm package and @alkahest/ts-sdk source repository (check publisher, repository, and package contents). Audit or review the package code before installing globally.
- Prefer hardware wallets / Ledger for signing (the SKILL.md mentions ledger support) to avoid exposing raw private keys. If using an environment variable, use a throwaway test wallet with minimal funds.
- Validate RPC URLs before using them (don’t use RPC endpoints of unknown operators that could log or manipulate transactions).
- For automated listeners/auto-arbitration, run them in an isolated environment and avoid running them with keys that control large balances.
- The skill is instruction-only (it does not itself install code), but it recommends installing external packages; the primary risk is from those external packages and from providing secrets as shown.
If you are not prepared to audit the CLI/SDK package or to use safe key-handling practices (hardware wallet, ephemeral keys), do not proceed.


