Skill v1.0.3

ClawScan security

Niftyagents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 7:22 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required resources are consistent with its stated purpose (mint/sign/verify/transfer SVG assets) and do not request unrelated credentials or network endpoints. Two points still deserve care: the simulation stores secret keys on local disk, and the package includes simulation and server code that you should review before running.
Guidance
This skill appears to implement what it says: a non-blockchain SVG signing/transfer protocol. Before installing or running code:
1) Review and limit where you run the included server. It is a local verification endpoint; keep it on a local interface and do not expose it to untrusted networks.
2) Treat secretKey material carefully. The simulation writes Base64-encoded secret keys to vault.json; Base64 is an encoding, not protection, so for production use replace that with an encrypted vault or an OS-managed key store.
3) If you plan to npm install and run tests, audit the package.json dependencies (tweetnacl, svgo and express are the expected ones) and run the tests in an isolated environment.
4) SKILL.md contains full source and embedded base64 manifests (the pre-scan flagged this). That is expected here, but decode and review any Base64 content before using it in sensitive contexts.
If you want higher assurance, ask the author for a reproducible build, or run the test suite inside an isolated container and inspect how vault.json is handled.
Findings
[base64-block] expected: SKILL.md and README embed base64-encoded NASP manifests (e.g., genesis_artifact.svg metadata). The detector flagged base64 content, but embedding base64 metadata is a core protocol design here and is expected. Still, any base64 blobs should be reviewed manually if you are concerned about hidden payloads.

Review Dimensions

Purpose & Capability
ok: The name/description (NASP) matches the included TypeScript sources: index.ts implements identity generation, signing, verification, and transfer of SVGs; server.ts provides an optional local verification endpoint. No unrelated env vars, binaries, or external credentials are requested.
Instruction Scope
note: SKILL.md instructions stay within the stated domain (import functions, run the verification server, run tests/simulation). It includes full file contents and example artifacts, which contain base64-encoded manifests. The simulation code writes vault files containing secret keys to disk (simulation/vault.ts); that is expected for a local simulation but is sensitive, and SKILL.md explicitly warns to keep secretKey secure.
Install Mechanism
ok: There is no automated install spec (instruction-only for OpenClaw). The repository includes package.json and a package-lock with normal npm dependencies (tweetnacl, svgo, express, etc.). Installing/running the code would require standard npm tooling; no remote arbitrary downloads or obscure installers are present in the package manifest.
Credentials
note: No environment variables, credentials, or config paths are requested. The only sensitive artifact is agent secret keys: the simulation stores secretKey in 'vault.json' (Base64-encoded) and sets file permissions (chmod 600). Base64 is an encoding, not encryption, so the file holds the key in plaintext; that is functional for simulations but risky for real deployments unless the user replaces it with an encrypted or managed vault.
Persistence & Privilege
ok: Skill is not configured as always:true and does not request persistent platform-wide privileges. The code writes files when you run the simulation or mint scripts (expected behavior), but it does not modify other skills or global agent settings.