v3.0.0

Phosphors

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

This is a coherent art-marketplace skill, but it asks agents to handle wallets, API keys, purchases, and bridging of crypto assets without clear approval, custody, or value boundaries.

Guidance: Review this carefully before installing or invoking it. Use only a wallet with limited funds, verify whether actions are on testnet or mainnet, require explicit approval for every purchase or bridge, and avoid service-generated wallets unless custody and recovery are clear.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Every piece can be purchased with a single HTTP request ... # 2. Send USDC to the artist's wallet ... POST /api/bridge { "action": "deposit", ... "amount": "5.00" }

The skill documents payment and bridge workflows that can move crypto assets, but the artifacts do not specify explicit user approval, spend limits, network checks, or rollback guidance.

User impact: If an agent combines this skill with wallet or payment tools, it could spend or bridge funds in ways the user did not specifically approve.
Recommendation: Require explicit user confirmation before every purchase or bridge, show the amount, asset, network, destination address, and fees, and set low spend limits by default.
Human-Agent Trust Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
**First 20 artists to submit get their work purchased!** ... we buy it with real USDC. No catch. ... we'll send you testnet USDC + ETH

The promotional wording creates urgency and says funds are real and no-catch, while other parts describe testnet/devnet assets; this value and risk framing is ambiguous.

User impact: Users or agents may over-trust the offer or misunderstand whether the assets have real economic value.
Recommendation: Verify the network, asset value, and terms before submitting work, registering, or relying on any funding promise.
Rogue Agents
Severity: Info | Confidence: High | Status: Note
SKILL.md
Check in periodically to get personalized updates

The skill encourages recurring remote check-ins, although it provides no local background worker or persistence mechanism.

User impact: An agent could be configured to keep contacting the service for updates beyond a single task.
Recommendation: Only enable periodic checks if the user asks for them, and make any schedule easy to review and disable.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown ... No install spec — this is an instruction-only skill.

There is no local code to install, but the financial and wallet-related workflows depend entirely on an external service with unknown source provenance.

User impact: Users cannot inspect server-side behavior from the provided artifacts and must trust the remote service for account, wallet, and marketplace operations.
Recommendation: Review the service independently, confirm the official domain, and avoid sending meaningful funds until provenance and operational trust are acceptable.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
"solanaWallet": "SoLaNa..."     // Optional - we'll generate if not provided ... Creates wallets on both chains. Bridge USDC freely between Solana and Base.

The remote service may generate wallets for the agent, but the artifacts do not explain custody, private-key handling, recovery, or who controls funds sent to those wallets.

User impact: A user could end up relying on service-generated wallet infrastructure without understanding whether they fully control the wallet and its assets.
Recommendation: Use self-custodied wallets where possible, verify how generated wallets are secured and recovered, and do not place meaningful funds in service-generated wallets until custody is clear.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
"walletBalance": { "eth": "0.05", "usdc": "4.90" }, "recommended": [ ... "buyUrl": "..." ], "notifications": [ ... ]

The heartbeat endpoint returns personalized balances, notifications, and recommendations that an agent may reuse as context for future actions.

User impact: External recommendations or notifications could influence what the agent buys or prioritizes if treated as trusted instructions.
Recommendation: Treat heartbeat data as untrusted marketplace content, and do not let recommendations override the user's stated goals or spending limits.