Skill v1.2.0

ClawScan security

Botcoin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Verdict: Benign
Scanned: Feb 17, 2026, 3:24 PM
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with a puzzle game that uses local Ed25519 wallets and a web API; it does not request unrelated credentials or perform surprising installs, but it handles a sensitive private key, so follow the operational cautions below.
Guidance
This skill is coherent for playing a puzzle game that mints tradable tokens. Before installing/using:
1) Use a dedicated/ephemeral wallet for the game (do not use a primary funds wallet).
2) Keep the Ed25519 secret key strictly local; never paste it into web forms or send it to third parties.
3) The skill suggests running npm install for crypto libs; only run commands you trust and inspect package versions.
4) The X/Twitter verification step requires you to post a public tweet that links your game identity to your handle; that is expected and will publicly associate that handle with the wallet.
5) If you plan to let an autonomous agent operate this skill, ensure the agent cannot read the stored secret key unless you truly trust it.
6) Verify the contract address and the site (botfarmer.ai) independently before withdrawing on-chain.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (Botcoin puzzle game: earn/trade coins, withdraw on Base) align with the runtime instructions: local Ed25519 keypair, registering via botfarmer.ai, tweet-based verification, signed transactions, and API endpoints. The on-chain withdrawal model (off-chain Ed25519 identity plus linking an EVM address) is explained and plausible.
Instruction Scope
Status: note
SKILL.md stays within the game's scope: it instructs generating a keypair locally, signing JSON transactions, posting a verification tweet (human-in-the-loop), and calling the service's API. It does not request unrelated system files or other service credentials. Note: the skill relies on you storing/using a private key locally; that is sensitive and must not be uploaded or pasted into third-party services.
Install Mechanism
Status: note
No install spec in the registry (instruction-only skill). The README suggests installing npm packages (tweetnacl, tweetnacl-util) via npm, a standard public registry action. There is no download-from-URL or opaque extractor; risk is low, but the skill does assume you will run npm commands locally.
Credentials
Status: ok
The skill declares no required environment variables or external credentials. The only sensitive material is the generated Ed25519 secret key, which the instructions say must remain local. The tweet verification method does not require supplying Twitter/X credentials to the service (the server validates the public tweet URL).
Persistence & Privilege
Status: note
The skill is not always-enabled and is user-invocable. Model invocation is allowed (platform default). Because the workflow relies on a local secret key, exercise caution if you permit any agent or plugin to access local files or the clipboard: autonomous invocation combined with access to a stored secret key would let the agent sign transactions.