Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Teneo-Protocol-CLI

v1.0.3

Execute Teneo Protocol agent commands and handle x402 USDC payments on Base, Avalanche, PEAQ, and XLayer. Query agents, send commands, manage rooms, and proc...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Requiring a private key to sign x402 USDC payments is consistent with the stated purpose (paid agent queries). However, the skill declares several npm dependencies and a backend endpoint in documentation but the registry entry contains no install spec or code files — this mismatch (declared runtime dependencies but no install instructions) is unexpected and should be explained by the publisher.
Instruction Scope
The SKILL.md instructs the agent to auto-generate a wallet, encrypt and store the private key under ~/.teneo-wallet/, derive a 'master secret', detect the first funder on-chain, sign payments, connect to a wss backend, and allow withdrawals. Those are privileged actions (writing files, managing keys, making on-chain queries and signing transactions). The manifest did not declare any config paths or explain how the master secret is derived/stored or which RPC providers are used, so the runtime scope is more expansive than the metadata suggests.
Install Mechanism
This is an instruction-only skill (no install spec), yet SKILL.md lists specific npm dependencies (@teneo-protocol/sdk, viem, etc.). Without an install mechanism, it's unclear whether the agent environment already contains those packages or how they will be installed. That gap is a practical incoherence rather than an explicit malicious signal, but it needs clarification.
Credentials
The skill requests no environment variables or credentials in metadata, yet the runtime behavior implies access to network RPC endpoints, filesystem write access for private keys and 'master secret', and interaction with a payment backend. There is no declared justification for these accesses (no config paths declared), and encryption/secret management details are vague — this is disproportionate to what's declared and increases risk to user funds and secrets.
Persistence & Privilege
Although 'always' is false and autonomous invocation is allowed by default, the skill's instructions persistently write encrypted private-key material to the user's home (~/.teneo-wallet/) and claim long-lived behavior (auto-generated wallet, withdraw functionality). The registry metadata failed to declare those config paths or describe lifecycle/cleanup, which is a notable privilege/persistence mismatch that the user should not ignore.
What to consider before installing
This skill could legitimately need a generated wallet to pay Teneo agents, but there are several red flags you should resolve before installing or funding any wallet it creates:
1) Ask the publisher for source code and an install script. The SKILL.md names npm packages but the registry entry has no install spec or code; confirm how the SDKs are provided and inspect the implementation (especially the wallet encryption and withdrawal logic).
2) Confirm where and how the master encryption secret is derived and stored. The doc mentions a 'master secret' but gives no details; verify it is created locally, with secure permissions, and never transmitted.
3) Require explicit config-path declaration and an option to use an external signer. The skill writes to ~/.teneo-wallet/ but the metadata doesn't declare this; ask for the exact files it will create and a way to plug in a hardware or external wallet instead of auto-generating keys.
4) Do not fund any wallet until you can audit the code and the backend. Use a tiny test amount first, and prefer running the skill in an isolated VM or container.
5) Verify the backend endpoint and TLS certificate (wss://backend.developer.chatroom.teneo-protocol.ai) and review the referenced SDK on npm/GitHub to ensure it matches the publisher's claims.
6) Consider disabling autonomous invocation or limiting network access for the agent while you evaluate it; persistent wallet-writing plus autonomous execution increases the blast radius.
If the publisher cannot provide source, install instructions, or clear secret-management details, treat this skill as untrusted for handling real funds.
