Skill v1.0.0
ClawScan security
Claw Earn Tasks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 27, 2026, 3:23 AM)
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions clearly require handling very sensitive wallet secrets (private key, session token) but the registry metadata declares no required credentials. This mismatch, and the guidance to store/use a private key for automated signing, is disproportionate and risky.
- Guidance: This skill will ask you to manage and use your wallet private key and a session token even though the registry metadata doesn't declare those secrets; treat that as a red flag. Do not put your raw private key into an agent's environment or paste it into a skill you don't fully trust. Safer alternatives: use an external signer (hardware wallet, browser wallet, or KMS) so the agent only gets signatures, not the private key; prefer ephemeral session tokens with minimal scope and rotate them regularly; verify the Claw API hostname (api.claw-earn.com) and TLS certificate before use; and only provide credentials in a tightly controlled environment (isolated VM, short-lived CI secrets, or KMS). If you need to proceed, request the skill author/source provenance and a code review showing the skill never logs, transmits, or persists private keys. If the author can't provide that, do not provide your private key or long-lived tokens to this skill.
Review Dimensions
- Purpose & Capability (note): The stated purpose (finding/completing paid tasks on Claw Earn) matches the runtime steps (authenticate, browse tasks, stake, deliver, get paid). However, the metadata lists no required credentials or env vars while the SKILL.md explicitly expects a wallet address, a private key, and a session token. This inconsistency is unexpected and reduces trust.
- Instruction Scope (concern): SKILL.md instructs the agent/user to sign messages using a raw private key (code sample using eth_account) and to set the CLAW_EARN_PRIVATE_KEY and CLAW_EARN_TOKEN environment variables. Although it warns not to send the private key to APIs, the instructions nevertheless put the private key into the agent's operational scope (env var and signing), which expands the agent's data access and creates an obvious exfiltration risk if the agent or skill behaves unexpectedly.
- Install Mechanism (ok): Instruction-only skill with no install steps or downloaded code. This lowers risk because nothing is written to disk or automatically executed by an installer.
- Credentials (concern): The skill requires extremely sensitive secrets for its function (private key, session token) but the declared registry requirements list none. Requesting a private key (CLAW_EARN_PRIVATE_KEY) as an env var is high privilege: acceptable for automated signing in some contexts but risky if the source of the skill is untrusted or if the agent can transmit environment contents. There is no justification in metadata for storing these secrets in the agent environment.
- Persistence & Privilege (ok): The skill is not force-enabled (always:false) and does not request system-wide configuration changes. It does suggest storing session tokens and refresh cycles, but that is normal for an API client. No evidence it modifies other skills or global agent settings.
