Skill v0.1.0
ClawScan security
Bridge Stablecoin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 6:07 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (USDC bridging), but its registry metadata does not declare the sensitive environment variables the SKILL.md requires (wallet private keys and the Circle API key/entity secret). Understand that mismatch before installing.
- Guidance: before installing or running this skill:
  1. Be aware that the SKILL.md expects highly sensitive secrets (EVM and Solana private keys, a Circle API key and entity secret) even though the registry metadata declares none; treat the mismatch as a red flag.
  2. Supply keys only in a controlled environment (an ephemeral or isolated CI container, not your primary machine). Prefer hardware wallets or ephemeral custodial keys where possible.
  3. Verify that the npm packages the examples install (@circle-fin/bridge-kit and its adapter packages) are exactly the ones you intend, and watch for typosquatting.
  4. Rotate or revoke any keys you used for testing.
  5. Ask the publisher to update the registry metadata to declare the required env vars and primary credential so automated checks and consent prompts work correctly.
  If you cannot verify the source or cannot safely supply the required secrets, do not install or run the skill.
Review Dimensions
- Purpose & Capability [note]: The name/description and the SKILL.md are coherent: the skill documents how to use Circle Bridge Kit and CCTP for USDC bridging across EVM and Solana and includes appropriate adapter recipes. The functionality described legitimately requires wallet private keys and Circle API/entity credentials. However, the registry metadata lists no required environment variables or primary credential, which contradicts the SKILL.md and is an important mismatch.
- Instruction Scope [concern]: SKILL.md gives explicit runtime instructions and sample code that read sensitive environment variables (PRIVATE_KEY, EVM_PRIVATE_KEY, SOLANA_PRIVATE_KEY, CIRCLE_API_KEY, CIRCLE_ENTITY_SECRET, plus wallet addresses). Those instructions stay within the bridging domain (approve, burn, fetchAttestation, mint), but they rely on secrets the registry metadata does not advertise. That matters because an agent or operator going by the metadata alone will not expect to provide these secrets and may not gate their use.
- Install Mechanism [ok]: This is an instruction-only skill with no install spec and no code files to execute in the registry package. Its examples install @circle-fin packages via npm, which is expected and not inherently risky in this context. No downloads from arbitrary URLs are prescribed.
- Credentials [concern]: The number and sensitivity of the environment variables shown in the SKILL.md are appropriate for on-chain bridging (private keys and Circle API/entity secrets are legitimately required by the different adapters). But the skill metadata declares 'Required env vars: none' and 'Primary credential: none', which is incorrect and prevents automated gating and informed consent. This mismatch increases the risk that users expose long-lived private keys or entity secrets without realizing the skill expects them.
- Persistence & Privilege [ok]: The skill is not always-enabled and uses the platform defaults for invocation; it does not request any persistent system-level privileges in the manifest. As an instruction-only skill it does not write files or modify other skills.
