Warren - On-Chain NFT Deploy

v1.0.0

Deploy NFT collections permanently on the MegaETH blockchain. Images stored on-chain via SSTORE2. Create and launch NFT collections with royalties, minting, and management pages.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's stated purpose (on-chain NFT deployment) matches the provided code (a Node script using ethers, on-chain bytecode, and RPC defaults). However the registry metadata lists no required environment variables or primary credential, while the SKILL.md and example commands explicitly instruct users to set PRIVATE_KEY=0x... when running deploy-nft.js. That is a clear mismatch: a private key is required in practice but not declared. Additional environment variables (RPC_URL, REGISTER_API, TREASURY_ADDRESS, etc.) are present in the code and can be overridden via env, which is reasonable, but the missing declaration of the private key is disproportionate and concerning.
! Instruction Scope
Runtime instructions tell the user to run setup.sh and to run node deploy-nft.js with PRIVATE_KEY in the environment. The script will sign and send transactions to an RPC (default https://carrot.megaeth.com/rpc) and register the collection via a web API (default https://megawarren.xyz/api/container-nfts). Instructions appear to limit file access to an images folder, but the SKILL.md contains a detected 'base64-block' prompt-injection pattern (see scan findings) which is unusual for a deployment guide and could indicate embedded/obfuscated payloads in the markdown. The instructions also encourage passing a raw private key in an environment variable—this is sensitive and the instructions do not advise using a throwaway/testnet key or hardware signing, nor do they describe what data is sent to the web registration endpoint. Overall the runtime instructions grant the agent permission to execute code that uses a secret key and contacts external endpoints without documenting what exactly will be transmitted.
Install Mechanism
There is no registry-level install spec; the included setup.sh runs npm init and npm install ethers, which is a standard, minimal Node install step. No downloads from obscure hosts or extraction of remote archives are present. This is a low-risk install mechanism, but it will write node_modules to disk.
! Credentials
The skill asks (in SKILL.md examples and the JS runtime) for a PRIVATE_KEY environment variable which is necessary to sign transactions; yet the skill registry lists no required credentials and no primary credential. The script also accepts/uses other env vars (RPC_URL, REGISTER_API, GENESIS_KEY_ADDRESS, TREASURY_ADDRESS, CHUNK_SIZE, etc.). Requiring a raw private key is a high-privilege request and the absence of that requirement in the metadata is a proportionality mismatch and a security concern. The code may send data to the REGISTER_API endpoint; the instructions do not state exactly what metadata is sent (risk of leaking wallet addresses, collection metadata, or worse—if implemented incorrectly—private keys).
Persistence & Privilege
The skill is user-invocable and not marked always:true; it can be invoked by the model (disableModelInvocation is not set). That is a normal default, but it means the agent could call the skill autonomously. Because the skill requires a signing key at runtime in practice, allowing autonomous model invocation without explicit user confirmation could be risky. The skill does not request permanent inclusion (always:true) so persistence is not excessive, but the combination of model-callable plus a requirement for a private key (if supplied) deserves caution.
Scan Findings in Context
[base64-block] unexpected: A 'base64-block' prompt-injection pattern was detected in SKILL.md. This is not expected for a deployment README and could indicate embedded/obfuscated content in the markdown intended to influence evaluators or hide payloads. Review the raw SKILL.md around the detected block before trusting the skill.
What to consider before installing
Do not run this with any real/mainnet private key until you verify what the code does. Specific steps to consider before installing or running:
- Source verification: The skill's source and homepage are unknown. Try to find an upstream repository or contact the publisher to verify authenticity.
- Inspect deploy-nft.js fully: search for any network requests (fetch, axios, https.request), uses of process.env.*, and any code that would transmit secrets. Confirm that the script never logs or posts the PRIVATE_KEY anywhere.
- Check what is sent to REGISTER_API (https://megawarren.xyz/api/container-nfts) — run the script in a sandbox and/or instrument it to print only the payload you expect to be sent (without the private key) before allowing the real run.
- Use a throwaway/testnet private key: Only run on the MegaETH testnet with a throwaway key that holds minimal funds, not a wallet with valuable assets.
- Prefer offline/hardware signing: If possible, modify the workflow to build unsigned transactions and sign them offline or with a hardware wallet rather than exporting a raw private key to the environment.
- Run in an isolated environment: use a disposable VM or container, and inspect network traffic (e.g., with tcpdump/mitm) to verify no unexpected exfiltration occurs.
- Review the prompt-injection block: the SKILL.md contains a detected 'base64-block' pattern—review the markdown raw contents and remove/ignore any embedded encoded payloads before trusting the doc.

If you are not comfortable reviewing the JS yourself, ask a developer or security-savvy person to audit deploy-nft.js and confirm that no secrets are transmitted and that the registration API only receives expected metadata. If any part of the code or network activity is unclear, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8fhw79tgskj2wdfy8pf6f980anfd

Runtime requirements

🖼️ Clawdis
Any bin: node
