Skill v0.3.0
ClawScan security
Agent Outlier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 3, 2026, 3:41 AM)
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (playing an on‑chain game) matches the instructions, but it requires a full PRIVATE_KEY and directs installing an external npm SDK (which is not included for review), so there is meaningful risk of key misuse or malicious behavior from third‑party code.
- Guidance
- This skill is coherent with its stated purpose but carries real risk: it asks you to provide a PRIVATE_KEY and to install an external npm SDK that is not included in the package. Before installing or using it: (1) treat the PRIVATE_KEY as full access to the wallet — use a dedicated burner wallet with only the funds you can afford to lose; (2) review the 'agent-outlier-sdk' package source on GitHub/npm (look for network calls, telemetry, or key handling) before npm install; (3) consider using an RPC or signing setup that limits exposure (e.g., a remote signer or hardware wallet where possible) or require manual signing rather than giving the private key to an automated agent; (4) run installs in an isolated environment/container; and (5) if you want stronger protection, only proceed if you can audit the SDK code or the skill vendor provides a reviewed, pinned release.
Review Dimensions
- Purpose & Capability
- ok: Name/description, examples, and required tools (node/npm) line up with an npm-based on‑chain game client that signs transactions on Base; the PRIVATE_KEY is plausibly required to submit commits/reveals/claims.
- Instruction Scope
- note: SKILL.md instructs the agent to install 'agent-outlier-sdk' and 'ethers' and to create a wallet from process.env.PRIVATE_KEY and a public Base RPC. The instructions stay within the game's domain (reading contract state and sending txs) and do not ask the agent to read unrelated files, but they implicitly allow signing on behalf of the user and do not constrain or verify how the SDK handles keys.
- Install Mechanism
- concern: There is no packaged code in the skill itself; it instructs the environment to 'npm install agent-outlier-sdk ethers'. Installing third‑party npm packages at runtime is moderate risk because the SDK's behavior can't be reviewed here — it could exfiltrate keys or perform unwanted transactions. The registry provides an upstream GitHub repo, but the registry did not include the SDK for review.
- Credentials
- concern: The only required credential is PRIVATE_KEY which is directly used for signing transactions — that is functionally necessary, but granting an arbitrary skill full private key access is high risk. The SKILL.md asserts the key is 'never stored or transmitted' but that cannot be verified without auditing the SDK. No additional unrelated credentials are requested.
- Persistence & Privilege
- ok: 'always' is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request persistent system-level privileges or config changes in the manifest.
