Skill v10.2.0

ClawScan security

Pyre World · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 2, 2026, 6:24 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's declared purpose (a Solana-based game wrapper/SDK) aligns with the files, environment variables, and runtime instructions; requested access is proportionate and autonomous invocation is explicitly disabled.
Guidance
This package appears coherent with its stated purpose: it reads on-chain state and builds (or optionally signs) Solana transactions for the Pyre/Torch Market game. Before installing:
1) Verify the upstream source (SKILL.md lists a GitHub repo and website) if you want independent assurance the bundle matches the repo.
2) Never supply a real/vault authority private key — if you provide SOLANA_PRIVATE_KEY, use a fresh disposable key with minimal SOL as recommended.
3) If you only want read-only behavior, omit SOLANA_PRIVATE_KEY so the skill returns unsigned transactions for external signing.
4) The bundle includes full SDK source and audit documents; if you have security concerns, inspect lib/torchsdk/transactions.js and any signing code paths to confirm signing is local and that no external exfil endpoints are contacted.
5) The skill blocks autonomous invocation (disable-model-invocation: true), which reduces blast radius; keep it that way unless you purposely want automated on-chain actions.

Review Dimensions

Purpose & Capability: ok
Name/description, agent.json capabilities, SKILL.md, and the included TypeScript SDK/kit source all consistently describe a Torch Market / Solana game wrapper. The required environment variables (SOLANA_RPC_URL required, SOLANA_PRIVATE_KEY optional, TORCH_NETWORK optional) are relevant and expected for on-chain read/build/sign operations. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope: note
SKILL.md instructs the agent to query Solana RPC, build unsigned transactions in read-only mode, and optionally sign locally if a disposable SOLANA_PRIVATE_KEY is provided. The skill explicitly sets disable-model-invocation: true (no autonomous invocation). This stays within the stated purpose. Note: the bundle contains full SDK/kit source (lib/kit/, lib/torchsdk/) even though the registry metadata describes the skill as 'instruction-only' — the presence of code changes the runtime surface (the agent may load/run library code). The SKILL.md does emphasize non-custodial usage and local signing, but users should be aware that supplying a private key enables the skill to sign transactions locally.
Install Mechanism: note
No high-risk download/install is required. An optional npm package (pyre-world-kit) is listed, but the SDK and kit are bundled in the skill (lib/kit and lib/torchsdk). This is low-risk compared to remote archive downloads. Minor inconsistency: the metadata claims 'No install spec — instruction-only' yet SKILL.md and agent.json include an optional npm install entry and many code files are present; this is likely benign (bundled sources + optional npm) but worth noting.
Credentials: ok
Only SOLANA_RPC_URL is required and is appropriate. SOLANA_PRIVATE_KEY is optional and documented as 'disposable controller keypair' with explicit warnings not to supply vault-authority keys; TORCH_NETWORK is optional. The requested envs are proportional to the skill's capabilities. Users should treat SOLANA_PRIVATE_KEY as sensitive and follow the provided guidance (use a fresh disposable key with minimal funds).
Persistence & Privilege: ok
The skill does not request always: true and sets disable-model-invocation: true (prevents autonomous invocation). It does include many code files, but there is no install hook that would force persistent system-wide changes; nothing in the manifest indicates modification of other skills' configs or system-wide agent settings. This minimizes persistent privilege.