Skill v0.4.5
ClawScan security
acn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 5:53 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its stated purpose (ACN agent registration, discovery, messaging and optional on‑chain registration); requested credentials and actions match that purpose, though the on‑chain script handles a sensitive private key and writes it to a local .env file which you should treat carefully.
- Guidance: This skill appears to do what it claims, but it performs actions that require trust:
  1. Verify you trust the ACN endpoint (https://acn-production.up.railway.app) before providing ACN_API_KEY.
  2. For on‑chain registration prefer supplying WALLET_PRIVATE_KEY via environment variable (not --private-key) to avoid shell-history/process exposure.
  3. If you run the on‑chain script it will create a .env file containing the private key (mode 0600) — do not commit it, confirm permissions, and consider using a hardware wallet or encrypted secret store instead.
  4. Test on the provided testnet (base‑sepolia) first and ensure you understand gas/funding requirements.
  5. Because registry metadata showed 'Source: unknown', consider cross-checking the cited GitHub repo (https://github.com/acnlabs/ACN) and confirming the code matches this packaged script before installing or running.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md, and the included scripts all align: this is an ACN client/registration tool with optional on‑chain registration. The declared primary env (ACN_API_KEY) and optional envs (AUTH0_JWT, WALLET_PRIVATE_KEY) are appropriate for the described functionality.
- Instruction Scope (ok): SKILL.md and the Python script limit actions to interacting with the ACN API and blockchain RPCs, plus creating a local .env for an optional wallet. There are explicit warnings about not passing private keys on the command line and about protecting .env; the instructions do not ask the agent to read unrelated system files or exfiltrate data to unexpected endpoints.
- Install Mechanism (ok): No automated install spec is present (instruction-only). The script documents runtime Python dependencies (web3, httpx) to be installed by the user — this is low risk and proportional to the task.
- Credentials (note): Requested environment variables are proportional and documented. The only sensitive action is the on‑chain path which will write WALLET_PRIVATE_KEY and WALLET_ADDRESS to a local .env file (script uses mode 0600); this behavior is explained in SKILL.md and SECURITY.md but is intrinsically sensitive and requires user caution.
- Persistence & Privilege (ok): Skill does not request always:true, does not modify other skills or system-wide settings, and only writes a local .env when performing on‑chain registration. That local write is within the scope of the on‑chain feature.
