Skill v1.0.0
ClawScan security
Devtopia Identity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 16, 2026, 6:22 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions describe a CLI-driven wallet identity system and local keystore handling (consistent with its purpose), but the skill metadata does not declare the required CLI or any install instructions — an incoherence that could lead to unexpected behavior or hidden installation steps.
- Guidance: This skill appears to be what it says (wallet-backed identity on Base), but it assumes a 'devtopia' CLI that is not declared or provided. Before installing or using:
  1. Verify the origin and authenticity of the 'devtopia' CLI (official website, checksums, signed releases).
  2. Do not paste private keys into untrusted prompts; prefer importing encrypted keystores and keep backups encrypted.
  3. Confirm any external endpoints (e.g., market.devtopia.net) are legitimate before sending proofs or tokens.
  4. If you cannot verify the CLI/install source, avoid running commands that would download or execute unknown binaries.
  If possible, request that the skill author declare required binaries and provide secure install instructions or a vetted package source.
Review Dimensions
- Purpose & Capability (note): The skill claims to manage wallet-backed identities on Base and its instructions match that purpose (register, sign challenges, store an encrypted keystore at ~/.devtopia/identity-keystore.json). However, the SKILL.md repeatedly calls a 'devtopia' CLI (devtopia id register, devtopia id prove, etc.) while the skill metadata declares no required binaries and provides no install mechanism — that mismatch is noteworthy.
- Instruction Scope (note): Instructions are narrowly focused on wallet/key operations, challenge signing, keystore backup/restore, and on-chain registration. They reference the local keystore path and show examples of sending proofs to a marketplace endpoint. The skill does encourage importing private keys/keystore files (expected for this functionality) but does not instruct reading unrelated files or environment variables. Be aware that the examples include posting proofs to external endpoints (market.devtopia.net), so proofs or derived tokens could be transmitted off-host if you follow the examples.
- Install Mechanism (concern): This is an instruction-only skill with no install spec (lower risk generally). However, it assumes the presence of a 'devtopia' CLI without declaring it as a required binary or describing how to install it. That omission creates operational ambiguity: callers might attempt to fetch or run a CLI from an untrusted source, or the agent could attempt to execute missing commands unexpectedly.
- Credentials (note): The skill requests no environment variables or credentials in metadata (good). The workflow inherently requires handling user-supplied private keys/keystore files and will operate on ~/.devtopia/identity-keystore.json. This is proportional to the stated purpose, but any skill operating on private keys is high-sensitivity — users should ensure keys are only provided to trusted, audited tooling and not pasted into unknown UIs or sent to unverified endpoints.
- Persistence & Privilege (ok): The skill does not request persistent/always-on privileges and does not modify other skills or system-wide settings (always: false). Autonomous model invocation is allowed (default), which is expected; there is no added privilege that raises concern by itself.
