ERC-800Claw

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: erc-800claw
Version: 0.1.1

The skill is classified as suspicious due to its explicit requirement for the AI agent to access and use a `PRIVATE_KEY` environment variable for core functionalities like registering agents and giving feedback on-chain. While this capability is plausibly needed for the stated purpose of interacting with the ERC-8004 blockchain protocol, handling such a sensitive credential represents a significant security risk. The `SKILL.md` file clearly outlines this requirement in its 'How to Respond', 'CLI Commands', 'Using in Code', and 'Environment Variables' sections, with examples showing `PRIVATE_KEY=0x... erc-800claw register` and `process.env.PRIVATE_KEY`.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a funded or important wallet key is available, commands run through this skill could sign real blockchain transactions and spend gas or create public records.

Why it was flagged

This shows the skill expects access to an Ethereum wallet private key for signing transactions. That is high-privilege account authority and is not declared in the provided registry requirements.

Skill content
"Register my agent" | Run `erc-800claw register --name "Name"` (requires PRIVATE_KEY env var)
Recommendation

Use a dedicated low-balance wallet, prefer testnet first, and require explicit per-transaction approval. The skill should declare PRIVATE_KEY as a credential requirement and clearly scope which network and wallet will be used.

What this means

A mistaken or over-eager agent action could submit public mainnet registrations or ratings, incurring fees and changing on-chain reputation records.

Why it was flagged

The skill documents key-signed write operations, including reputation feedback, and defaults to mainnet. The artifacts do not show a required confirmation or transaction preview before these high-impact actions.

Skill content
`--network, -n <name>` - Network to use (mainnet, sepolia). Default: mainnet ... `await client.giveFeedback(process.env.PRIVATE_KEY, agentId, { value: 4.5`
Recommendation

Before any write, require the user to confirm the network, contract, recipient/agent ID, action details, and estimated cost. Consider defaulting examples to testnet rather than mainnet.

What this means

Users must trust an unreviewed external package before giving it access to a wallet private key.

Why it was flagged

The skill relies on externally installed packages that are not included in the submitted files and are not version-pinned in the setup instructions. Those packages are the runtime that would handle private-key signing.

Skill content
npm install erc-800claw ... pip install erc-800claw
Recommendation

Verify the package source and publisher, pin versions or hashes, inspect the package before use, and avoid exposing valuable private keys to unreviewed code.

Note. High Confidence
ASI08: Cascading Failures
What this means

Erroneous ratings or metadata can become part of a public reputation system and may be hard to correct.

Why it was flagged

Persistent public reputation is central to the skill’s purpose, but incorrect feedback can affect shared reputation state beyond the current chat.

Skill content
Reputation Registry - Structured feedback scores from clients to agents ... scores accumulate on-chain
Recommendation

Double-check agent IDs, rating values, and metadata before submitting any on-chain reputation or identity transaction.