Skill v1.0.31
ClawScan security
Nara · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 2, 2026, 12:30 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper that directs the agent to use the public npm package 'naracli' for Nara-chain wallet/mining actions; its requirements and runtime instructions are generally consistent with that purpose, but installing and running an npm CLI carries the usual supply-chain risk and there's a small metadata inconsistency to note.
- Guidance
- This skill is an instruction-only integration that relies on the public npm package 'naracli'. Before installing or using it:
  1) Review the npm package page and the GitHub source linked in SKILL.md for trustworthiness (maintainers, recent commits, issues).
  2) Approve any installation explicitly when prompted (SKILL.md says the agent must ask you first).
  3) Prefer using 'npx naracli' for one-off commands or test in an isolated environment before global install.
  4) Never paste mnemonics/private keys into chat; follow the CLI's local wallet flow and do not let the agent capture key material.
  5) Be cautious about social/referral workflows (binding Twitter, sharing Agent IDs) which may reveal account or identity information.
  The skill appears coherent for its stated purpose, but the real risk comes from installing and running third-party npm code — inspect that package before proceeding.
Review Dimensions
- Purpose & Capability
- ok: The skill's stated purpose (CLI agent for Nara chain: wallet, mining, transfers, agent registry, ZK ID, referrals) matches the SKILL.md, which instructs use of the 'naracli' npm CLI. One inconsistency: the registry metadata provided to the evaluator listed no required binaries, yet the SKILL.md clearly declares that Node.js >=18 and npm are required.
- Instruction Scope
- ok: SKILL.md limits actions to local CLI commands and requires explicit user confirmation before installing the package, creating/importing wallets, signing/transferring, uploading on-chain data, or changing RPC endpoints. It also includes clear rules to avoid capturing or displaying mnemonics/keys and to treat wallet creation as CLI-local. These constraints keep the agent's behavior within the claimed domain.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only), and the SKILL.md instructs users/agents to install 'naracli' from the public npm registry (npm install -g or npx). Fetching and running an npm package is a legitimate and expected install path for a CLI, but it has higher supply-chain risk than an instruction-only skill that never installs third-party code. The SKILL.md does require explicit user approval before installing, which mitigates but does not eliminate that risk.
- Credentials
- ok: The skill does not request environment variables, credentials, or config paths in the registry metadata. SKILL.md documents wallet handling and instructs the agent to never accept or record mnemonics/private keys. No disproportionate credential access is requested by the skill itself.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request elevated or persistent privileges. It permits autonomous invocation by default (platform normal), but SKILL.md requires explicit user confirmation for sensitive actions. The skill does not modify other skills' configs or global agent settings.
