v1.0.7

Pinata ERC-8004

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:50 AM.

Analysis

This is a high-risk but clearly disclosed crypto/IPFS skill that requires a wallet private key and Pinata token, with explicit warnings and confirmation rules before irreversible actions.

Guidance: Install only if you are comfortable giving the skill access to a dedicated Ethereum private key and Pinata API token. Use a low-balance wallet, restrict the Pinata token, and never confirm transactions, NFT transfers, uploads, or deletions unless the displayed details are exactly what you intend.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Note
SKILL.md
Before ANY transaction or destructive operation, you MUST: Display complete operation details; Wait for explicit "yes" or "confirm" from user; Never proceed with implied consent

The skill can perform high-impact actions such as blockchain transactions and file deletions, but it explicitly requires user confirmation and full operation details before proceeding.

User impact: Confirmed actions may spend gas, mint NFTs, transfer ownership, or delete IPFS files, and some of these actions cannot be undone.
Recommendation: Only confirm after checking the full wallet address, contract, network, token ID, CID, and estimated cost.
Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
PRIVATE_KEY is used ONLY as an argument to Viem's privateKeyToAccount() inside generated Node.js scripts

The workflow involves generated Node.js scripts for blockchain operations. This is aligned with the Viem-based purpose, but generated code that handles private keys should be reviewed carefully.

User impact: Running generated scripts without review could expose or misuse credentials if the generated script deviates from the documented rules.
Recommendation: Review generated scripts before running them and ensure credentials are referenced only via environment variables, not written into files or logs.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Note
SKILL.md
PRIVATE_KEY (Ethereum wallet private key) - Used for: Signing blockchain transactions, minting NFTs, transferring assets

The skill requires a raw Ethereum private key, which is a powerful form of account authority. The artifact clearly discloses the risk and instructs users to use a dedicated low-value wallet.

User impact: If the wrong wallet key is provided or a transaction is confirmed incorrectly, the wallet could spend gas or transfer valuable NFTs/assets.
Recommendation: Use only a dedicated, low-balance wallet for this skill, never a primary wallet, and verify every transaction before confirming.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
PINATA_JWT (IPFS API token) - Used for: Uploading/deleting files on Pinata IPFS

The skill requires a Pinata API credential that can affect hosted IPFS content and storage quota. The artifact discloses this and recommends a dedicated or restricted Pinata account/key.

User impact: A broadly scoped Pinata token could allow unwanted uploads, deletions, or quota usage if misused.
Recommendation: Use a dedicated Pinata account or restricted API key limited to the files and operations needed for agent registration.