Skillv1.0.2

ClawScan security

claw and order · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:29 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's runtime instructions match a court/escrow use case, but they require sensitive wallet operations (signing, staking tx hashes) and network callbacks without declaring how credentials or keys are provided—this mismatch and the use of an unknown third‑party endpoint warrant caution.
Guidance: This skill asks the agent to perform blockchain operations that require a private key (signing messages) and to submit potentially sensitive evidence to https://www.nikhilp.online, but it does not declare how private keys or wallet access are provided. Before installing or enabling this skill: - Confirm how your agent/platform will supply signing capability and where private keys live; do not allow the skill to read raw private keys from disk or environment variables unless you explicitly trust it. - Verify the server (https://www.nikhilp.online) and its operators: check TLS cert, who runs the service, privacy policy, and whether they are the official project maintainers. - Require explicit user/owner consent before the agent submits any logs, system state, or URLs as 'evidence' — these fields can leak secrets. Consider sanitizing or limiting what the agent is allowed to include. - Ask the developer for the actual smart contract addresses and on-chain verification steps (how the API validates tx_hashes and signatures). - If you cannot verify the server and the signing flow, restrict the agent to read-only operations (e.g., only query cases) and disable automatic signing or submission features.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes a decentralized dispute platform (filing lawsuits, checking cases, submitting defenses) which is consistent with the skill name. However, the instructions require blockchain interactions (staking, tx_hashes, signing messages) that imply access to a wallet/private key and specific contract addresses; the skill metadata declares no credentials, keys, or config paths. The absence of declared wallet access is a meaningful inconsistency (could be an assumption of platform-managed wallet, but that is not stated).
Instruction Scope: concernThe instructions tell an agent to POST case data and signatures to an external API (https://www.nikhilp.online) and to include evidence which may be text logs or URLs. This legitimately could transmit sensitive information (logs, links, contact webhooks). The skill also requires generating Ethereum signatures and using transaction hashes — actions that require private-key access. The SKILL.md gives no guidance on limiting or sanitizing evidence, nor on how or where private keys are stored/used. Allowing callback URLs and arbitrary evidence fields increases the risk of unintended data exfiltration.
Install Mechanism: okNo install spec and no code files — instruction-only — so nothing will be written to disk by the skill itself. This minimizes install-time risk.
Credentials: concernThe runtime requires signing transactions and presenting tx_hashes, which are sensitive operations that normally need private keys or wallet access. Yet requires.env and primary credential are empty. That mismatch is concerning: either the skill assumes the agent/platform already has wallet capability (not documented), or it implicitly asks the agent to access private keys from elsewhere. Also, the API endpoint is a third‑party domain; no authentication mechanism for the API is described, so the agent could be asked to transmit sensitive credentials or data without clear safeguards.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills, and has no install behavior. It can be invoked by the agent but does not demand persistent privileges.