Switchboard Skills
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: switchboard-data-operator Version: 1.0.0 The skill bundle defines an autonomous agent for Switchboard oracle operations, involving high-risk capabilities such as signing blockchain transactions, moving funds, deploying contracts, and executing shell commands (e.g., `npm install`, `docker-compose`). While the `SKILL.md` includes extensive and explicit security instructions (e.g., `OperatorPolicy` for user-controlled permissions, mandatory secret handling rules forbidding exfiltration), the inherent power and complexity of these operations, combined with the agent's ability to design oracle jobs that could include `llmTask` (a potential prompt injection vector against the oracle's LLM) or `secretsTask` (accessing external secret servers), elevate the risk beyond benign. The skill itself does not exhibit malicious intent, but the broad capabilities and the potential for vulnerabilities in an autonomous system handling financial and on-chain operations warrant a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent may create irreversible blockchain transactions, pay fees, or change deployed on-chain state within the user’s chosen limits.
These are high-impact actions that can affect on-chain assets and deployments. They are disclosed and tied to a required security policy, so this is a purpose-aligned note rather than a concern.
* sign transactions (any chain) * move funds / pay fees * deploy contracts/programs * write to on-chain state
Use read_only or execute_with_approval unless you are comfortable with automated transactions; set strict spend limits and allowlists before any execution.
Granting signing authority can let the agent act with the permissions of the selected wallet or signer.
The skill may rely on wallet keys or signers, including mainnet signing. The artifact clearly requires explicit user choices and defaults against persistence.
Key custody & handling: * where keys come from (file path, keystore, env var, remote signer) * whether you may persist them (default: NO) * whether mainnet signing is allowed (explicit YES required)
Prefer hardware wallets, remote signers, or limited-purpose wallets; never provide seed phrases; require explicit approval for mainnet signing.
Operational settings could influence later actions if reused, and key-location details may be sensitive even if the keys themselves are not stored.
The policy may include sensitive operational preferences such as key locations, spend limits, endpoints, and allow/deny lists. The artifact also says secrets should not be printed and persistence defaults to no.
ask a single compact set of questions and record the answers as `OperatorPolicy`
Do not include raw secrets in the policy; keep persistence disabled unless necessary; review or clear stored policy details after sensitive tasks.
Installing external packages can introduce code from third-party package registries into the local environment.
The skill references external npm packages and a globally installed CLI. This is expected for developer tooling and not shown as automatic execution, but users should verify package provenance.
`npm install @switchboard-xyz/on-demand` ... `npm install -g @switchboard-xyz/cli`
Install only from trusted package sources, review package versions, and avoid global installs where a project-local install is sufficient.