Skill v1.0.1

ClawScan security

test after · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 3:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The instructions claim to manage agentic wallets via the 'caw' CLI, but the skill declares no required binaries or credentials — that mismatch is unexplained and worth caution.
Guidance
This skill appears coherent in purpose (wallet management with safety checks) but omits key operational details. Before installing or using it:
1) Confirm whether the 'caw' CLI is required and, if so, which exact binary/version and install method are expected.
2) Ask the author how credentials (private keys, API tokens, or local config files) are supplied and protected — the skill should declare required env vars or config paths.
3) Do not point the skill at a real high-value wallet until you verify behavior; test with a sandbox/testnet wallet and small amounts.
4) Require explicit owner approval flows in practice and audit any submitted pacts/transactions.
5) If you can't obtain clear answers about binaries and credential handling, treat the skill as unsafe to grant wallet access.

Review Dimensions

Purpose & Capability
Concern: The description and SKILL.md explicitly refer to running the 'caw' CLI (e.g., `caw wallet balance`) and performing on-chain operations. However, the registry metadata lists no required binaries and no environment variables/credentials. Managing wallets via a CLI typically requires the CLI binary and authentication (keys, config files, or environment credentials). The lack of declared binaries/credentials is disproportionate to the stated purpose.
Instruction Scope
Note: The SKILL.md focuses on wallet operations, safety checks, and explicit owner approval; it does not instruct the agent to read unrelated system files or exfiltrate arbitrary data. However, it implicitly assumes access to the 'caw' CLI and whatever auth that CLI needs — the skill does not explain how those credentials/configs are obtained or protected.
Install Mechanism
OK: There is no install spec and there are no code files (instruction-only). That minimizes direct install risk because nothing is downloaded or written by the skill itself.
Credentials
Concern: No environment variables or primary credential are declared, yet the runtime behavior (on-chain wallet operations) would normally require credentials, keys, or local config access. This gap could be benign (omission) or indicate the skill expects credentials to be provided out-of-band — either way, the requested environment/credential surface is not documented and is therefore suspicious.
Persistence & Privilege
OK: `always` is false and the skill is user-invocable; it does not request persistent presence or system-wide configuration changes. There are no indications that it modifies other skills or agent settings.