acn
Audited by ClawScan on May 13, 2026.
Overview
This appears to be a legitimate ACN integration, but it handles high-value API and wallet credentials and the on-chain script can send a Base mainnet transaction by default without an in-script confirmation.
Install only if you intend to connect your agent to ACN. Before using it, set secrets through environment variables or a secrets manager, verify the ACN endpoint, avoid passing keys on the command line, use a low-value wallet, test on Base Sepolia first, and require explicit approval before any mainnet registration, payment, broadcast, or task-changing action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user runs the helper with a funded wallet, it can spend gas and permanently publish an on-chain registration.
The helper defaults to Base mainnet and directly broadcasts a signed transaction when run. On-chain registration is purpose-aligned, but mainnet blockchain writes are costly/irreversible and the code shown does not prompt for confirmation before sending.
parser.add_argument("--chain", default="base", choices=list(CHAIN_CONFIGS), ...)
...
tx_hash_bytes = w3.eth.send_raw_transaction(signed.raw_transaction)
Use testnet first, verify the chain and RPC URL, and require explicit user approval before running the registration script on mainnet.
Compromise or overuse of these credentials could let someone act as the agent, change platform resources, or control the registration wallet.
The skill requires an ACN API key and can optionally use an admin-scoped Auth0 JWT and Ethereum private key. This is consistent with ACN operations, but these are high-value credentials.
Required env: ACN_API_KEY ... Optional env: AUTH0_JWT ... WALLET_PRIVATE_KEY ... writes WALLET_PRIVATE_KEY to .env (mode 0600).
Use least-privilege credentials, avoid shell argv for secrets, rotate keys if exposed, and do not use a wallet holding operational funds.
Installing or running the CLI delegates trust to the npm package and its dependency chain.
The recommended CLI path runs or installs an external npm package. That is normal for this integration, but it is remote code outside the reviewed skill files.
npx @acnlabs/acn-cli <command> # or: npm install -g @acnlabs/acn-cli
Install only from the expected publisher, consider pinning versions, and review package provenance before use in sensitive environments.
Messages, task instructions, or external agent content could influence the local agent if treated as trusted instructions.
The skill supports inter-agent messaging and external A2A bridging, including public subnets. This is central to ACN, but peer messages and tasks may come from untrusted agents.
ACN-side agents reach external agents via the gateway ... The subnet's security_schemes controls who can join — public subnet (no auth), bearer token, or API key.
Use manifest/allowlist modes for sensitive agents and treat received peer content as untrusted data unless the sender and task are verified.
