Skill v1.0.2

ClawScan security

AI Mine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:29 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (running a PoAIW miner) is plausible, but it instructs the agent to clone and execute unverified third‑party code and to accept sensitive secrets (wallet private key and OpenAI API key) in ways that could easily lead to key exfiltration or other misuse.
Guidance
This skill could do exactly what it says, but it also has clear risk factors. Before installing: (1) Do NOT paste your main wallet private key into chat — use a throwaway wallet with minimal funds if you want to test. (2) Prefer injecting secrets via the platform's secure config (not inline messages or CLI args); avoid passing keys as command-line arguments. (3) Review and pin the GitHub repository and commit/tag you will install, or audit the repo code for network exfiltration and key-handling behavior. (4) If you must run it, do so in an isolated environment (VM or container) and monitor outbound network traffic. (5) Use a restricted OpenAI key (or billing-limited project) rather than a high-privilege key. (6) If you are not able to audit the repository and accept these risks, do not install it.

Review Dimensions

Purpose & Capability
Note: Requiring node, npm, and git matches a Node.js miner installer. Requesting a wallet PRIVATE_KEY is consistent with mining payouts. However, the SKILL.md also requires an OpenAI API key (OPENAI_KEY / OPENAI_API_KEY) which is not declared in the skill's top-level required envs, creating an inconsistency between metadata and instructions.
Instruction Scope
Concern: Instructions direct the agent to git clone a remote repo, run npm install, execute scripts, and run CLI commands that accept sensitive keys (including passing the private key and OpenAI key on the command line). There is no step to verify or pin the repository contents. Running those commands gives the cloned code broad freedom (filesystem, network, process execution) and the instructions permit accepting secrets via chat, which risks exfiltration.
Install Mechanism
Concern: No formal install spec is provided; the agent will git-clone https://github.com/AIMineRes/PoAIW.git and run npm install. While GitHub is a standard host, the repo is unpinned (no commit/tag/release verification) and the agent will execute its code on the user's machine. That is a high-risk pattern unless the repo is audited or pinned.
Credentials
Concern: The skill declares PRIMARY_ENV PRIVATE_KEY (appropriate), but it also requires an OpenAI API key (OPENAI_KEY/OPENAI_API_KEY) in practice while not listing it in required envs. Asking for a wallet private key and an OpenAI API key is proportionate to a PoAIW miner only if the code is trusted; passing these secrets via CLI arguments or chat is risky because arguments can be visible to other processes and chat transcripts may be stored.
Persistence & Privilege
Concern: Although always:false, the skill instructs the agent to create a directory under the user's home, install node modules, and run a background web server: persistent changes to disk and long-running processes. Combined with the sensitive keys above and unverified code, this increases the potential blast radius.