Switchboard Skills

Pass. Audited by ClawScan on May 10, 2026.

Overview

The visible skill is a coherent Switchboard/blockchain operator, but it can sign transactions and handle keys if the user grants that authority.

This skill is not suspicious based on the visible artifacts, but it is powerful. Before installing or using it, decide whether it may only plan, whether every transaction needs approval, which wallets and networks it may use, exact spend limits, and which program or contract addresses are allowed. Avoid full autonomy on mainnet unless you fully understand and accept the risk.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent may create irreversible blockchain transactions, pay fees, or change deployed on-chain state within the user’s chosen limits.

Why it was flagged

These are high-impact actions that can affect on-chain assets and deployments. They are disclosed and tied to a required security policy, so this is a purpose-aligned note rather than a concern.

Skill content

* sign transactions (any chain)
* move funds / pay fees
* deploy contracts/programs
* write to on-chain state

Recommendation

Use read_only or execute_with_approval unless you are comfortable with automated transactions; set strict spend limits and allowlists before any execution.

What this means

Granting signing authority can let the agent act with the permissions of the selected wallet or signer.

Why it was flagged

The skill may rely on wallet keys or signers, including mainnet signing. The artifact clearly requires explicit user choices and defaults against persistence.

Skill content

Key custody & handling:
   * where keys come from (file path, keystore, env var, remote signer)
   * whether you may persist them (default: NO)
   * whether mainnet signing is allowed (explicit YES required)

Recommendation

Prefer hardware wallets, remote signers, or limited-purpose wallets; never provide seed phrases; require explicit approval for mainnet signing.

What this means

Operational settings could influence later actions if reused, and key-location details may be sensitive even if the keys themselves are not stored.

Why it was flagged

The policy may include sensitive operational preferences such as key locations, spend limits, endpoints, and allow/deny lists. The artifact also says secrets should not be printed and persistence defaults to no.

Skill content

ask a single compact set of questions and record the answers as `OperatorPolicy`

Recommendation

Do not include raw secrets in the policy; keep persistence disabled unless necessary; review or clear stored policy details after sensitive tasks.

What this means

Installing external packages can introduce code from third-party package registries into the local environment.

Why it was flagged

The skill references external npm packages and a globally installed CLI. This is expected for developer tooling and not shown as automatic execution, but users should verify package provenance.

Skill content

`npm install @switchboard-xyz/on-demand` ... `npm install -g @switchboard-xyz/cli`

Recommendation

Install only from trusted package sources, review package versions, and avoid global installs where a project-local install is sufficient.