Web3 Docs

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Web3 reference skill; the main cautions are user-directed examples that can install tooling or use private keys for real blockchain actions.

This skill appears safe to use as documentation. Before installing or using it, remember that Web3 examples can affect real funds if executed against live networks: review any install, deploy, broadcast, transfer, or private-key command before running it, prefer testnets or local forks, and keep real wallet keys out of chat unless absolutely necessary.

Static analysis

Generated source template injection

Severity: Critical
Finding: User-controlled placeholder is embedded directly into generated source code.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run without review, the installer could change the user's local development environment.

Why it was flagged

The reference documentation includes a standard Foundry installer command that pipes a remote script to the shell. It is user-directed and relevant to Foundry setup, but it would execute remote code if copied and run.

Skill content:

    curl -L https://foundry.paradigm.xyz | bash && foundryup

Recommendation

Treat setup commands as examples; run them manually only after verifying the source and avoid letting an agent execute remote installers automatically.

What this means

Copied commands could spend gas, transfer assets, or expose wallet authority if real private keys are used.

Why it was flagged

The examples show using a private key to send an on-chain transaction. This is normal for Web3 development docs, but it grants authority over the wallet and funds if run on a live network.

Skill content:

    cast send <addr> "transfer(address,uint256)" <to> <amount> --private-key $KEY

Recommendation

Require explicit user approval before any deploy, broadcast, or send command; use testnets or dedicated wallets, and never paste real private keys into the agent context.