Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentic Commerce Relay

v0.1.0

Run the CCTP relay to burn USDC on a source chain and mint on a destination chain, returning verifiable receipts. Use for multichain agent-to-agent settlement, with optional Moltbook discovery and integrations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The described purpose (CCTP relay to burn/mint USDC) legitimately requires RPC endpoints and a signing key, which the SKILL.md lists, but the registry metadata claims no required env/credentials. That mismatch (no required env vs SKILL.md requiring PRIVATE_KEY, SRC_RPC, DST_RPC) is incoherent.
Instruction Scope (flagged)
Runtime instructions tell the agent to run scripts (scripts/cctp-bridge.js, scripts/discovery-moltbook.cjs) and to set sensitive env vars, but no scripts or integrations are included in the skill bundle. The instructions also suggest calling external services (Moltbook) and sending transactions to RPC endpoints — all of which require explicit, included code or provenance, which is missing.
Install Mechanism (flagged)
There is no install spec (instruction-only), which is low-risk in itself, but the README-style instructions reference bundled modules and script files that are not present. That discrepancy means the skill as packaged can't perform the claimed actions without external code, which is suspicious.
Credentials (flagged)
SKILL.md requires a PRIVATE_KEY and RPC URLs (sensitive). The registry declares no required env or primary credential. Requesting a private key is proportionate for signing cross-chain burns/mints, but the skill should have declared this and provided code reviewable by the user; undeclared sensitive env requirements are a red flag. Additional optional envs (MOLTBOOK_API_KEY, etc.) are also referenced but not declared.
Persistence & Privilege
The skill does not request always:true, has no install steps that would persist code on disk, and is user-invocable only. Autonomous invocation is enabled by default but not, by itself, unusual or escalatory here.
What to consider before installing
Do not supply your real/private signing key or production RPC credentials to this skill as packaged. The SKILL.md expects local Node scripts and integrations (scripts/cctp-bridge.js, integrations/) but the skill bundle contains only the SKILL.md and no code or homepage — that makes it impossible to audit what will run. Before installing or using:
1) ask the publisher for the source repo or a signed release and verify the scripts;
2) only use an ephemeral or low-value key and non-production RPC endpoints for testing;
3) prefer hardware-wallet or external-signing workflows rather than providing raw PRIVATE_KEY to an agent;
4) be cautious about optional discovery integrations (Moltbook) and API keys — verify their endpoints and privacy implications.
If the publisher cannot provide source or an installable package, treat this skill as untrusted.
