Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jubilee Skill, By Jubilee Labs

v0.1.0

Manage and grow your agent's treasury across Base, Solana, and Ethereum using Jubilee Protocol vaults for sustainable yield and principled spending.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose is on‑chain treasury management (deposits, withdrawals, transfers). The documentation references npm scripts and lib/*.js files to perform those actions, and it requires access to a wallet private key and RPC endpoints. However, the registry metadata declares no required environment variables, no config paths, no primary credential, and there are no code files in the package. That mismatch (documented capabilities that require private keys and code versus no declared permissions and no code) is a significant incoherence.
!
Instruction Scope
The runtime instructions direct the agent to read a wallet JSON containing a raw privateKey at a specific path (~/.openclaw/.../agent_wallet.json), to use .env RPC variables, and to analyze local git activity for the 'war-room' report. Those actions involve reading sensitive local files and possibly signing transactions. The SKILL.md grants broad discretion (run npm scripts, reconfigure RPCs, read git state) without corresponding declared permissions; this expands scope beyond a safe, limited integration.
Install Mechanism
There is no install specification and there are no code files (instruction-only). That keeps the package from writing code to disk (lower install risk), but it is also inconsistent, because the SKILL.md describes npm scripts and library JS files that are absent. This could indicate an incompletely packaged skill or omitted code, either a developer mistake or an intentional omission. Because there is no downloaded code, the static scanner had nothing to analyze; you should demand the actual implementation before trusting the skill.
!
Credentials
Although the skill metadata lists no required environment variables or credentials, the instructions explicitly reference RPC_* variables and require a wallet JSON file containing a plaintext privateKey. Requesting raw private keys and RPC endpoints is highly sensitive and is disproportionate unless the skill explicitly declares and justifies that access (and documents secure signing practices). The lack of declared secrets in the metadata while the docs ask for a private key is a red flag.
Persistence & Privilege
The skill does not request 'always: true' and uses default autonomous invocation permissions (disable-model-invocation=false). Autonomous invocation combined with access to private keys would be high-risk, but the package currently doesn't declare any keys. Still, the SKILL.md's explicit instructions to place a private key at a filesystem path mean that if a user supplies a key, the skill (when invoked autonomously) could transact on‑chain. Treat autonomous use with keys as dangerous unless signing is restricted to a safe signer.
Scan Findings in Context
[no_code_files_or_regex_matches] unexpected: The regex-based scanner found nothing because the skill contains only a SKILL.md and no code files. That absence is not expected for a skill that documents npm scripts and lib/*.js implementation files; you should request the implementation code or a trusted package release to verify behavior.
What to consider before installing
Do not provide your private keys or place them at the documented wallet path. Before installing or running this skill:
(1) Ask the publisher for the actual implementation code or an official package (the SKILL.md references npm scripts and lib/*.js but none are included).
(2) Require the skill to declare required environment variables and config paths in metadata (RPC endpoints, signer method), and to explain how signing is performed securely (prefer external signer/hardware wallet or a scoped signing service instead of a raw privateKey file).
(3) If you test, use a new wallet funded only with testnet tokens and a read‑only/watch wallet or a signer that requires manual approval for each transaction.
(4) Verify the skill author's identity and provenance (unknown homepage and single owner id here).
(5) Ask for code review or provide the skill only through an official, auditable release before entrusting any real funds.

Like a lobster shell, security has layers — review code before you run it.
