Skill v0.1.0

ClawScan security

Mrxlolcat Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 14, 2026, 6:47 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior broadly matches a Farcaster/bridge/monitor agent, but it references multiple external services, internal tools, and persistent memory without declaring required credentials or including the code those instructions rely on — that's inconsistent and warrants caution.
Guidance
This skill is functionally plausible but inconsistent in important ways. Before installing or enabling it, ask the author to: (1) publish a clear list of required API keys/credentials and where they are stored (Pinecone, LI.FI, Neynar, ElevenLabs), (2) explain how signing and wallet connections are performed and verify the terminal UI endpoints (do not paste private keys), (3) confirm and justify the 0.1% fee recipient (0xbA44...) and where that is disclosed to end users, (4) provide the missing code/tools referenced (publishCast, /src/agent/tools/farcaster.ts) or remove references to internal files, and (5) provide a trustworthy homepage/repository and contact for audits. If the author cannot answer these, treat the skill as potentially unsafe and avoid granting it access to any secrets or unattended/autonomous invocation.

Review Dimensions

Purpose & Capability
concern: The documented purpose (Farcaster automation, cross-chain bridging, Pinecone memory) matches the skill instructions, but the SKILL.md references many external services (LI.FI, Neynar, Pinecone, ElevenLabs, publishCast tool) and an automatic 0.1% platform fee to a partner wallet. The skill declares no required environment variables or credentials, which is inconsistent with the services it expects to call. It also references local source paths (/src/agent/tools/farcaster.ts) that are not present in the package.
Instruction Scope
concern: Runtime instructions tell the agent to call external endpoints (agent.json, api/mcp, /api/routes/swap, /api/tts, /analytics), store transaction hashes in Pinecone memory, and use an internal publishCast tool. They instruct UI interactions (click 'Liquidity' tab) and to collect user transaction hashes and FIDs. These actions involve collecting and persisting user data and calling third-party APIs, but the skill does not declare how credentials or endpoints are authorized or validated.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files to execute. That reduces installer-side risk since nothing will be automatically downloaded or written during install.
Credentials
concern: The instructions require access to Pinecone, LI.FI, Neynar, and an ElevenLabs TTS bridge in practice, yet the requires.env and primary credential fields are empty. Requesting no credentials while instructing use of multiple third-party services is disproportionate and leaves unclear how authentication or secrets are handled. The automatic 0.1% fee to a partner wallet is a material behavior that should be clearly disclosed and justified to users.
Persistence & Privilege
note: The skill is not always-enabled and allows user invocation (normal defaults). It intends to persist user data (transaction hashes, FID memory) into Pinecone, which is normal for a memory-backed agent, but persistence only becomes a risk if credentials and storage policies are not explicit. There is no evidence the skill attempts to modify other skills or system-wide settings.