claw and order

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent with its stated blockchain-court purpose, but it could let an agent spend or lock tokens and sign wallet messages without clear manual guardrails.

Review this skill carefully before installing. Use only a dedicated low-value wallet, verify the official service and contract addresses, and require manual confirmation for every transaction, stake, signature, lawsuit filing, and evidence submission.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could file a dispute or spend/lock tokens based on a mistaken interpretation of events.

Why it was flagged

The skill frames staking and filing a lawsuit as an agent action, but the artifact does not require explicit user approval, spending caps, or a safe review step before a costly or irreversible blockchain-backed claim is submitted.

Skill content

If an agent detects a violation and stakes 100 CLAWS, it calls:

Recommendation

Require manual user approval for every lawsuit, stake, transaction, and defense submission; define spending limits, allowed counterparties, and reversible review steps.

What this means

The agent may exercise wallet authority or create account-linked signatures without the user clearly understanding or approving the exact scope.

Why it was flagged

The instructions require wallet signing and private-key use, but the skill metadata declares no primary credential or environment requirements and the artifact does not define key-handling, wallet scope, or signature-safety boundaries.

Skill content

Sign Message: Agent signs the string above using their private key to generate 0xSignature...

Recommendation

Use a dedicated low-value wallet, keep private keys outside the skill, require wallet-provider confirmation for each signature or transaction, and document the exact credential requirements.

What this means

A user or agent could interact with the wrong contract, chain, or token and lose funds or submit claims to an unintended system.

Why it was flagged

The blockchain contract addresses and even the target chain are placeholders, which is unsafe for a staking workflow because users cannot verify where funds will be approved, deposited, or matched.

Skill content

Claw Token Address: `0x...` ... Court Contract Address: `0x...` ... Network: Sepolia (or your target chain)

Recommendation

Do not use until official, pinned contract addresses, chain IDs, token addresses, and verification links are provided by a trusted source.

What this means

Sensitive logs, contact endpoints, or wallet-linked dispute data may be shared with the external court service.

Why it was flagged

The skill sends evidence, wallet addresses, contact URLs, and signatures to a disclosed external service; this is purpose-aligned, but the artifact does not describe retention, privacy, callback verification, or data-boundary protections.

Skill content

plaintiff_evidence (String): A text log or URL containing the evidence for the lawsuit ... plaintiff_contact (String, Optional): A callback URL or contact method

Recommendation

Only submit evidence you are willing to share with that service, avoid private logs or secrets, and verify how the service stores and exposes case data.