Skill v1.0.0
ClawScan security
Tip with Grove · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:47 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill and included scripts are coherent with a Grove tipping CLI, but they ask you to run a remote install script (curl | bash), implicitly access a local wallet file (~/.grove/keyfile.txt) and rely on undeclared utilities (jq, bc), so there are proportionality and install-risk mismatches you should review before installing.
- Guidance: This skill appears to genuinely implement Grove CLI tips and includes helper scripts to fund, monitor, and batch-tip. However: (1) the install step runs a remote script via 'curl | bash' — inspect the install script (https://grove.city/install-cli.sh) before running or prefer an auditable release (GitHub release, package manager). (2) The bundled scripts expect and will use a wallet file at ~/.grove/keyfile.txt (private keys) and can perform on-chain funding/tipping; do not point them at a wallet that holds large funds. (3) The scripts use jq and bc but the manifest doesn't list those dependencies — ensure required utilities are installed. (4) Be careful with automation flags (--yes, cron) and webhook URLs — these can cause unattended transactions or data sent to external endpoints. Recommended actions: review the install script source, run the CLI in an isolated/test environment first, back up and preferably use a test wallet, verify and install missing dependencies (jq, bc), and avoid granting the skill access to production wallets until you trust the issuer.
Review Dimensions
- Purpose & Capability (note): The name/description (Grove CLI tipping) matches the included scripts (auto-fund, monitor-balance, batch-tip) and SKILL.md guidance. However, the package omits declaring some real runtime needs: the scripts call 'jq' and 'bc' (and rely on standard Unix tools) but the manifest only requires curl and bash (and optionally python/node). The scripts also expect a wallet/keyfile at ~/.grove/keyfile.txt, but no required config path or credential is declared in the registry metadata. These omissions are inconsistent with the stated purpose and should be clarified.
- Instruction Scope (concern): SKILL.md instructs agents/users to run 'curl -fsSL https://grove.city/install-cli.sh | bash' to install the CLI and to run grove commands that create/use wallets and perform fund/tip operations. The included scripts will read/write local ~/.grove/ files and can execute fund/tip operations (including automated funding via cron or batch tipping). While this behavior is within the tipping domain, instructing automatic installation of remote code and automated operations on a wallet expands scope and requires explicit declarations and safeguards (the skill does provide some confirmation prompts, but the scripts support skipping confirmations).
- Install Mechanism (concern): The SKILL.md and metadata point to a remote install script executed via 'curl | bash' from https://grove.city/install-cli.sh. Download-and-execute installs are high-risk (remote code executed with local privileges). The URL is not a known vetted package registry/release host in metadata; although it matches the skill homepage, this install method still deserves caution and review of the install script contents before running.
- Credentials (concern): No environment variables or credentials are declared in requires.env, yet the scripts implicitly rely on a wallet file (~/.grove/keyfile.txt) and optionally the DEFAULT_NETWORK environment variable. They also POST to user-supplied webhook URLs. Access to a local private key file is directly relevant to tipping, but the registry should explicitly declare required config paths/credentials so users know a secret wallet file will be read/used. The absence of such declarations is an incoherence and a privacy/security risk.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system-wide settings. The scripts are normal user utilities (can be scheduled in cron) and do not request elevated platform privileges. Autonomous invocation is allowed by default for skills but is not combined with other excessive privileges here.
