Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Warren - On-Chain Website Deploy
v1.0.2
Deploy websites and files permanently on MegaETH blockchain. AI agents stress test the network by deploying HTML on-chain using SSTORE2 bytecode storage. Agents pay their own gas.
⭐ 0 · 2k · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill is a Node-based on-chain deployer and includes deploy.js/setup.sh that legitimately need node and an RPC/private key to sign txs. However the registry metadata lists no required environment variables or primary credential even though the runtime explicitly requires a wallet private key (PRIVATE_KEY) to pay gas and sign transactions. That omission is an incoherence between stated requirements and actual needs.
Instruction Scope
SKILL.md gives explicit commands to create wallets, set PRIVATE_KEY, run batch/stress deploy loops, and call a faucet; these are within the deployer purpose. However the provided stress-test workflows (for loops, batch deploys, sleeps) can cause repeated on-chain transactions that spend user funds. The SKILL.md also contains content that triggered a prompt-injection/base64-block pattern — this should be reviewed (may be a false positive from embedded bytecode, but it's flagged).
Install Mechanism
No remote download/install spec is declared; setup.sh simply runs npm init && npm install ethers locally. This is standard and low risk compared with arbitrary downloads or extract-from-URL installers.
Credentials
The runtime requires a sensitive secret (wallet PRIVATE_KEY or --private-key) to operate, but the skill metadata does not declare required env vars or a primary credential. Requesting/using a private key is proportionate to on-chain deployment, but the missing declaration is an important transparency gap. Optional env overrides (RPC_URL, CHAIN_ID, addresses) are reasonable.
Persistence & Privilege
The manifest sets always:false and requests no system-wide modifications. The skill does not ask to persist or modify other skills. Note: because the skill can be invoked autonomously (the normal default), an agent could run the batch/stress workflows that spend the user's ETH; review invocation policies and limitations before allowing autonomous runs.
Scan Findings in Context
[base64-block] unexpected: SKILL.md triggered a base64-block prompt-injection pattern. The repository contains embedded bytecode/hex blobs (PAGE_BYTECODE) which could cause false positives, but the flagged pattern should be inspected to ensure no malicious prompt-injection or hidden payloads are present.
What to consider before installing
This skill appears to implement what it says (deploying immutable content to the MegaETH testnet), but there are important cautions:
1) It requires a wallet private key to sign and pay transactions, yet the skill metadata does not declare this; treat that omission as a red flag.
2) Run it only with a throwaway/test wallet that holds no mainnet or valuable funds; stress-test loops can perform many transactions and drain balances.
3) Inspect deploy.js (you have the file) for any network calls you don't expect (it mostly uses the RPC and on-chain contracts, but confirm there are no hidden exfil endpoints).
4) The SKILL.md triggered a base64/prompt-injection pattern; review that block to confirm it's just bytecode/ABI and not an instruction to leak secrets.
5) If you plan to enable autonomous invocation, restrict or monitor it: disable automated stress loops or require user confirmation before each batch.
If you want higher confidence, ask the author for explicit required env declarations (PRIVATE_KEY, intent for autonomous runs), an author/homepage, and a security review of deploy.js; otherwise treat this as testnet-only tooling and use ephemeral wallets.
Like a lobster shell, security has layers: review code before you run it.
latest: vk9730k8tn09fceqh38hpeq8xnx80az66
Runtime requirements
⛓️ Clawdis: Any
bin: node
