Skill v1.0.0

ClawScan security

Nla Arbitrate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 11, 2026, 12:28 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions are coherent with manual arbitration, but the published metadata omits sensitive requirements (nla CLI, PRIVATE_KEY, and optional LLM API keys), creating an inconsistency you should resolve before installing.
Guidance
Before installing or enabling this skill:
1) Confirm the 'nla' CLI requirement is declared in the registry; the SKILL.md requires it but the metadata does not.
2) Understand that arbitration requires a wallet private key to sign on-chain transactions; prefer a hardware wallet or local signing workflow rather than putting your raw PRIVATE_KEY in environment variables.
3) If you plan to use auto mode, be aware that the content of demands/fulfillments will be sent to whichever LLM provider you configure; review that provider's data retention and privacy policies.
4) Ask the author/registry to update the skill manifest to declare required binaries and required env vars (PRIVATE_KEY and which LLM keys may be read) so you can make an informed decision.
5) Only use this skill if you control the oracle address and understand gas costs and irrevocable on-chain attestations.
If the author cannot or will not update the metadata, treat the skill as higher-risk and avoid supplying persistent secrets.

Review Dimensions

Purpose & Capability
note
The skill name and description match the instructions: it runs the nla CLI to manually arbitrate escrow fulfillments. That purpose legitimately requires an on-chain wallet and optionally LLM keys for auto mode. However, the registry metadata does not declare these required binaries or environment variables, which is an important mismatch.
Instruction Scope
ok
SKILL.md stays within the stated purpose: it only instructs use of the 'nla' CLI to inspect escrows and submit on-chain decisions. It does reference reading environment variables (PRIVATE_KEY, OPENAI_API_KEY, etc.) for signing and auto mode, which is expected for the described features.
Install Mechanism
concern
This is an instruction-only skill (no install spec), so nothing is written to disk by the skill itself. But SKILL.md requires the external 'nla' CLI (npm install -g nla) and a configured wallet, yet the registry metadata did not list any required binaries. The absence of an install spec is low-risk by itself, but the omitted dependency declaration is a red flag for transparency and user expectations.
Credentials
concern
The instructions require sensitive credentials: a private key (set via 'nla wallet:set', the --private-key flag, or the PRIVATE_KEY env var) and optionally LLM API keys for auto mode. Those credentials are proportionate to the task (on-chain signing and LLM-based automation), but the registry metadata declared no required env vars. The omission reduces transparency and increases the risk of accidental exposure (e.g., it is unclear whether the skill will read env vars or prompt for keys).
Persistence & Privilege
ok
The 'always' flag is false, and there is no install step or code that persists or elevates privileges. The skill can be invoked autonomously by agents by default (normal platform behavior), but that alone is not a new risk here.