Skill v0.2.3

ClawScan security

Agent identity and reputation registration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:52 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and instructions match an ERC-8004 agent registry and wallet toolset, but the runtime guidance directs the agent to download/run an npm package (npx), create/manage encrypted wallets, and implicitly read environment/.env — behaviors that expand its footprint beyond what the metadata declares and require careful review before use.
Guidance
This skill appears to implement a multi-chain agent registry and wallet manager, which is consistent with its files — but it instructs the agent to run an npm package via npx and to create/manage encrypted wallets and a local database. Before installing or running:
1) Review the actual @quantulabs/8004-mcp package source (npm/GitHub) and its published version to ensure you trust it.
2) Avoid running npx on machines that hold unrelated secrets — the server loads .env and runs in your environment.
3) Do not hardcode master passwords in examples; use a secure secret workflow and understand where the encrypted wallet store is written.
4) Prefer running this in an isolated environment/container to limit exposure.
5) If you plan to register agents or send real transactions, be sure you control the funds and keys and understand on-chain costs.
If you cannot review the upstream package, treat this skill as high-risk and avoid running it with real funds or on sensitive hosts.

Review Dimensions

Purpose & Capability: ok
The name and included README/skill.md describe a multi-chain MCP (ERC-8004) agent registry with search, reputation, wallet management, and registration operations. The runtime instructions (wallet store, wallet_create, agent_register, reputation queries) are coherent with that purpose.
Instruction Scope: concern
SKILL.md instructs spawning an external process via npx @quantulabs/8004-mcp and calling many wallet- and transaction-related tools (initialize/encrypt wallet store, create/unlock wallets, build transactions). These instructions require handling private keys, master passwords, and potentially broadcasting on-chain transactions. They also reference loading .env and using NETWORK_MODE — so the runtime may access environment variables and local files not declared in the registry metadata. That broadens the skill's runtime privileges and risk surface.
Install Mechanism: concern
There is no formal install spec in the registry entry, but the instructions explicitly use npx to fetch/run @quantulabs/8004-mcp at runtime. Using npx downloads and executes code from the npm registry (possibly latest unpinned package), which is an install-time network fetch of third-party code. This is higher risk than an instruction-only skill that only runs built-in tools, because it executes external code that must be reviewed separately.
Credentials: concern
The skill metadata declares no required environment variables, but the README/SKILL.md mention .env loading and examples set env vars (NETWORK_MODE, DEFAULT_CHAIN). The runtime server writes a local wallet store (encrypted with a master password), a local SQLite cache, and will read/write files in the current directory. That means the skill can access environment variables and files on disk (including a .env) that were not declared — and it will cause the agent to handle sensitive secrets (master password, private keys).
Persistence & Privilege: note
always:false (normal). However, the server creates persistent state (encrypted wallet store, local SQLite cache, optionally .env and config files) on disk. Persistence is expected for a wallet/registry server, but you should be aware it will store sensitive artifacts locally and could retain keys/transaction history between sessions.