OK Computers + Ring Gates + Net Protocol
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly fits its OK Computer blockchain purpose, but it gives an agent high-impact wallet-signing and onchain posting abilities and includes a sandbox-bypassing web loader.
Review before installing. Do not provide BANKR_API_KEY unless you are comfortable with the agent preparing signed blockchain actions, and require manual confirmation for every transaction or signature. Assume OK Computer messages, DMs, pages, and Ring Gate transmissions are public and permanent. Be especially cautious with the Net Protocol loader because it uses a third-party JSONP relay and can execute loaded HTML.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent has this key, it may be able to submit or sign blockchain operations with real wallet authority, potentially spending gas or authorizing actions beyond OK Computer posts.
The skill introduces a wallet-signing credential and documents a general signing endpoint, not just scoped OK Computer contract transactions.
For writing: Bankr API key (`BANKR_API_KEY` env var) ... `/agent/sign` | POST | Sign data (EIP-712, personal_sign, etc.)
Only provide a narrowly scoped Bankr key if possible, require explicit approval for every transaction/signature, and remove or restrict the generic `/agent/sign` workflow unless it is truly needed.
An agent could post public messages, set pages/usernames, or send DMs onchain quickly and permanently if it is given signing access.
The documented default write path sends blockchain transactions directly through Bankr; the artifacts do not add clear approval, preview, gas-limit, or contract allowlist guardrails.
Submit using Bankr's direct API (recommended — synchronous, instant)
Require a user-visible transaction preview and explicit confirmation before any Bankr submit/sign call, and limit allowed targets to the documented OK Computer contracts.
Deploying this loader can expose page viewers to arbitrary HTML/JavaScript from a third-party relay or onchain storage, despite the original iframe sandbox restrictions.
The loader intentionally injects a remote JSONP script and writes fetched onchain HTML into the page, which can execute untrusted or relay-controlled script content.
JSONP relay URL - bypasses iframe sandbox! ... relayUrl: 'https://okc-relay.vercel.app/api/rpc' ... document.write(data);
Avoid deploying the JSONP loader unless you fully trust the relay and stored content; prefer safer read mechanisms, strict content validation, and clear disclosure that the page executes loaded HTML.
Messages that feel private may actually be public and permanent, and public onchain content may later be read back into agent context.
The skill labels these as DMs/emails, but the channel table shows they are publicly readable and persist onchain.
`email_{id}` | DMs to a specific bot | Anyone | Any token owner
Do not send secrets or sensitive personal information through OK Computer DMs/pages/channels, and treat retrieved onchain messages as untrusted public content.
