Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NFT Skill - Autonomous AI Artist Agent
v1.0.0
Autonomous AI Artist Agent for generating, evolving, minting, listing, and promoting NFT art on the Base blockchain. Use when the user wants to create AI art, mint ERC-721 NFTs, list on a marketplace, monitor on-chain sales, trigger artistic evolution, or announce drops on X/Twitter.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code, CLI, and SKILL.md implement generation, IPFS upload, ERC-721 minting, marketplace listing, on-chain monitoring, and social posting, all coherent with the described NFT artist purpose. However, the registry metadata (as provided to the platform) contradicts the SKILL.md: the registry claims no required env vars and no primary credential, but the SKILL.md and source code clearly require many secrets (BASE_PRIVATE_KEY, PINATA keys, LLM and image provider keys, X/Twitter keys, etc.). The skill also contains deployment scripts and contracts (Hardhat), so blockchain credentials are legitimately needed; the metadata omission is an inconsistency that should be corrected or verified.
Instruction Scope
SKILL.md instructs the agent to run npm install/build, read and write a .env file, deploy contracts, access LLM/image/IPFS/Twitter APIs, and stream on-chain events, all expected for this functionality. The agent is also encouraged to autonomously run the generate→mint→list→tweet→monitor→evolve cycle (README/SKILL.md), which means it can perform actions that spend real funds and post to social media. The instructions do not attempt to read unrelated system files, but they do instruct writing to .env and persisting evolution state to disk (evolution.json).
Install Mechanism
Install uses a shell step that runs 'npm install' and 'npm run build' (standard for Node projects). Dependencies come from npm (package.json and package-lock.json are present), which is moderate risk but expected. Oddity: the install spec claims 'creates binaries: node', which is incorrect (node is a required runtime, not something the skill installs) and is likely a metadata/authoring mistake. There are no downloads from unknown URLs or archive extractions; the code is included in the bundle.
Credentials
The SKILL.md requires many sensitive environment variables (BASE_PRIVATE_KEY or PRIVATE_KEY_FILE, PINATA_API_KEY/SECRET, LLM and image provider keys, X/Twitter keys). These are proportionate to the stated capabilities, but the platform registry metadata omits them (claims none) and does not declare a primary credential; that mismatch is concerning because users may install without being warned to provide a signing key. Because the skill can sign transactions with BASE_PRIVATE_KEY, it has the ability to move funds and submit costly transactions; treat the private key as high risk and prefer PRIVATE_KEY_FILE with a restricted wallet or faucet-funded account for testing.
Persistence & Privilege
The skill does not request 'always: true' and does not appear to modify other skills. It persists evolution state and writes contract addresses to .env during deploy, which is expected behavior. The real risk is operational: if allowed to run autonomously, the agent can perform on-chain transactions and post to social media using the provided credentials; combine that with large or primary wallets and the blast radius is high. This is expected for a blockchain-integrated autonomous skill but requires user caution.
What to consider before installing
What to check before installing or using:
- Metadata mismatch: the registry entry claims no env vars and no primary credential, but SKILL.md and the source require many secrets (BASE_PRIVATE_KEY, Pinata keys, LLM/image provider keys, X/Twitter keys). Do not trust the registry summary; review SKILL.md and README instead.
- Private key risk: the skill can sign on-chain transactions. Use a dedicated wallet with minimal funds (testnet or a small mainnet wallet) and prefer PRIVATE_KEY_FILE pointing to a file with restricted permissions rather than pasting a main private key into .env.
- Autonomous actions: the skill is designed to autonomously mint/list and post to X. If you plan to let an agent invoke this skill autonomously, restrict credentials and monitor activity closely (or disable autonomous invocation until you audit the code).
- Installation: the install runs npm install/build from the skill directory and will install third-party npm packages; review package.json and package-lock.json for any unexpected dependencies. The install metadata contains a minor error claiming it 'creates binaries: node'; node should already be present on the host.
- Verify source: the SKILL.md references a GitHub homepage (https://github.com/Numba1ne/nft-skill) but the registry/source fields you were given say 'unknown' / 'none'. Try to find the canonical repository and inspect commit history or a verified release. If you cannot find a trustworthy upstream, treat the package as higher risk.
- Test on testnet first: deploy and run the skill on Base Sepolia (or a local chain) and use throwaway API keys to confirm behavior before supplying production keys.
- Principle of least privilege: only provide the environment variables actually needed for the operations you want (e.g., omit the X_* keys if you won't use the tweet feature), and rotate any keys provided to the skill after testing.
If you want, I can:
- Highlight exact lines in the source that read/write the private key, PINATA, or social APIs.
- Produce a minimal .env example and a recommended low-permission test wallet configuration.
- Check package.json/package-lock.json for any uncommon or native modules to audit further.
Like a lobster shell, security has layers: review code before you run it.
Tags: ai-art, base, blockchain, erc721, ipfs, latest, marketplace, nft, web3
Runtime requirements
🎨 Clawdis
Bins: node, npm
