ClawHub
Back to skill
v0.1.0

QELT Blockchain

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:33 AM.

Analysis

This is a transparent instruction-only QELT blockchain RPC skill, with the main caution that it can broadcast user-supplied signed transactions.

GuidanceThis skill appears safe to install for QELT blockchain lookups. Treat raw transaction submission as a real blockchain action: confirm the network, verify what the signed transaction does, and never share private keys, mnemonics, or wallet recovery material.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
⚠️ **Write operation** — confirm with user before executing. ... "method":"eth_sendRawTransaction","params":["0xSIGNED_TX_HEX"]

The skill documents a real blockchain write operation using JSON-RPC. It is purpose-aligned and bounded to pre-signed raw transactions with confirmation, but broadcasting a signed transaction can have irreversible financial or contract effects.

User impactIf used, the agent can broadcast a transaction that the user has already signed, potentially moving funds or changing contract state on QELT.
RecommendationOnly provide signed transactions you understand, confirm mainnet versus testnet and the intended transaction details, and never provide private keys or seed phrases.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown

The registry entry does not provide a source repository. Because this is instruction-only with no install script or code files, this is a provenance note rather than evidence of unsafe behavior.

User impactIt may be harder to independently verify the publisher history or review changes outside the packaged artifacts.
RecommendationVerify the skill against the official QELT documentation and endpoint list before relying on it for mainnet transaction submission.