v1.0.0

Skill Namer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:44 AM.

Analysis

The skill is a coherent naming assistant with simple optional helpers and no evidence of credential use, destructive actions, or hidden data exfiltration.

GuidanceThis appears safe for generating names. Before installing, be aware that checking availability through registrar or ENS links can disclose candidate names, and decide whether you want the agent to remember your favorite TLDs.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

- **Availability checking**: Manual links across ENS + Unstoppable + top ICANN registrars

The skill may produce links to third-party availability services. This is disclosed and manual, but following those links can reveal candidate names to those providers.

User impactIf you click generated availability-check links, external domain or ENS services may see the names you are considering.

RecommendationAvoid checking highly confidential names through third-party links until you are comfortable disclosing them.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

- **TLD favorites**: default to `.eth`, `.ai`, `.com`, `.dao` (user can set favorites; persist)

The skill asks the agent to retain a user preference across uses. This is purpose-aligned and low sensitivity, but it is still persistent context.

User impactThe agent may remember preferred TLDs and use them in future naming tasks.

RecommendationOnly persist preferences you are comfortable retaining, and override or clear them if they become inaccurate.