Skillv0.1.0

ClawScan security

Agentic Commerce Relay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 11, 2026, 9:26 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The instructions describe running local Node scripts that require a PRIVATE_KEY and RPC endpoints, but the skill bundle contains no code, declares no required env, and provides no source/homepage — the requested secrets and file references don't match the package.
Guidance: Do not supply your real/private signing key or production RPC credentials to this skill as packaged. The SKILL.md expects local Node scripts and integrations (scripts/cctp-bridge.js, integrations/) but the skill bundle contains only the SKILL.md and no code or homepage — that makes it impossible to audit what will run. Before installing or using: 1) ask the publisher for the source repo or a signed release and verify the scripts; 2) only use an ephemeral or low-value key and non-production RPC endpoints for testing; 3) prefer hardware-wallet or external-signing workflows rather than providing raw PRIVATE_KEY to an agent; 4) be cautious about optional discovery integrations (Moltbook) and API keys — verify their endpoints and privacy implications. If the publisher cannot provide source or an installable package, treat this skill as untrusted.

Review Dimensions

Purpose & Capability: concernThe described purpose (CCTP relay to burn/mint USDC) legitimately requires RPC endpoints and a signing key, which the SKILL.md lists, but the registry metadata claims no required env/credentials. That mismatch (no required env vs SKILL.md requiring PRIVATE_KEY, SRC_RPC, DST_RPC) is incoherent.
Instruction Scope: concernRuntime instructions tell the agent to run scripts (scripts/cctp-bridge.js, scripts/discovery-moltbook.cjs) and to set sensitive env vars, but no scripts or integrations are included in the skill bundle. The instructions also suggest calling external services (Moltbook) and sending transactions to RPC endpoints — all of which require explicit, included code or provenance, which is missing.
Install Mechanism: concernThere is no install spec (instruction-only), which is low-risk in itself, but the README-style instructions reference bundled modules and script files that are not present. That discrepancy means the skill as packaged can't perform the claimed actions without external code, which is suspicious.
Credentials: concernSKILL.md requires a PRIVATE_KEY and RPC URLs (sensitive). The registry declares no required env or primary credential. Requesting a private key is proportionate for signing cross-chain burns/mints, but the skill should have declared this and provided code reviewable by the user; undeclared sensitive env requirements are a red flag. Additional optional envs (MOLTBOOK_API_KEY, etc.) are also referenced but not declared.
Persistence & Privilege: okThe skill does not request always:true, has no install steps that would persist code on disk, and is user-invocable only. Autonomous invocation is enabled by default but not, by itself, unusual or escalatory here.