Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fulfill Git Escrow
v1.0.0
Fulfill a git escrow bounty by writing a solution or submitting an existing one. Use when the user wants to solve a test suite challenge, write code to pass...
by 疒奀 @mlegls
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill is about fulfilling git-escrow bounties and explicitly requires the git-escrows CLI, git, a .env holding a PRIVATE_KEY, and network access to an Ethereum RPC — all of which are coherent with submitting on-chain fulfillments.
Instruction Scope
SKILL.md stays within the described purpose (discover escrow, inspect test repo, write or use a solution, commit, and call git-escrows fulfill). It instructs the agent to clone external test repos and create/modify files in the current working directory; it does not include broad unrelated file access. However, cloning and working with third-party repositories and dependencies can execute or expose the agent/environment to untrusted code — the document does not require sandboxing or explicit user confirmation before making changes.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. It relies on a public npm CLI (git-escrows) which the SKILL.md recommends installing with npm; that's a low-risk, expected pattern for this purpose.
Credentials
The skill requires a PRIVATE_KEY (declared as primaryEnv) and a .env config — reasonable because the CLI must sign transactions. The registry metadata shows no required env vars list while SKILL.md expects .env/PRIVATE_KEY, which is an inconsistency to be aware of. PRIVATE_KEY is highly sensitive: it can control on-chain funds and permissions, so use of a dedicated low-value key is recommended.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and is user-invocable. Agent autonomous invocation is allowed (default) but not combined with other elevated privileges here.
Assessment
This skill appears to do what it claims, but it will use a PRIVATE_KEY and manipulate repositories and files. Before installing or running: (1) Do not use your main wallet/private key; create a throwaway key with minimal funds for testing and submissions. (2) Inspect any test repositories you clone before running code or installing dependencies; untrusted tests can contain malicious install scripts. Consider running repository cloning and test execution inside a sandbox/container. (3) Confirm you control any repo URL you are told to push to; don't allow automatic pushes to unknown remotes. (4) Verify the origin of the git-escrows CLI (review its GitHub repo and releases) before installing. (5) Be aware that submitting a fulfillment will sign on-chain transactions and could transfer funds; only proceed if you understand and trust the escrow flow. Finally, note the small metadata inconsistency: SKILL.md expects .env/PRIVATE_KEY but the declared required env vars list is empty. Verify the key handling before use.
Like a lobster shell, security has layers — review code before you run it.
Tags: arkhai, blockchain, escrow, latest
Runtime requirements
🎯 Clawdis
Bins: git-escrows, git
Config: .env
Primary env: PRIVATE_KEY
