ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Defipoly

v1.0.0

Play Defipoly — a Monopoly-inspired DeFi game on Solana. Buy properties, earn daily DPOLY yield, shield against theft, steal from players and the bank, roll...

0· 520·0 current·0 all-time
byMiaou@rengon0x
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Solana DeFi game agent) aligns with the included files and dependencies: node/npm, @solana/web3.js, bs58, tweetnacl, and a CLI script that builds/signs/submits Solana transactions to api.defipoly.app. Requiring Node and npm is reasonable for this functionality.
!
Instruction Scope
SKILL.md instructs running the included CLI which will load a wallet (from .wallet.json or WALLET_FILE / WALLET_PRIVATE_KEY env), sign transactions locally, and POST to the declared backend. The pre-scan found unicode-control-chars in SKILL.md (prompt-injection pattern). The file therefore may contain hidden control/unicode sequences intended to manipulate an LLM or automated scanner. This is unexpected for a playbook and raises concern.
Install Mechanism
No remote arbitrary downloads; install is npm install in the skill dir (dependencies are standard npm packages from the registry). package.json and package-lock.json list normal Solana-related deps. No extract-from-URL installs were detected.
Credentials
No required env vars are declared, which is consistent, but the CLI supports sensitive optional overrides: WALLET_FILE and WALLET_PRIVATE_KEY (private key in env), plus BACKEND_URL and SOLANA_RPC. WALLET_PRIVATE_KEY gives full signing authority and is necessary for transaction actions but is extremely sensitive — providing it (or a wallet file) to the skill transfers signing capability to code you run. BACKEND_URL is overridable and, if set to an attacker-controlled endpoint, could cause the agent to build transactions against a malicious backend or exfiltrate data. These options are proportionate for a wallet agent but require user caution.
Persistence & Privilege
always is false. The script caches JWTs to /tmp/defipoly-agent-<hash>.json (ephemeral), and otherwise doesn't request persistent system-wide privileges or modify other skills' configs. Autonomous invocation is allowed but is the platform default; this alone isn't a red flag.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters/patterns that the pre-scan flagged as prompt-injection. There is no legitimate reason for control chars in runtime instructions; they could be an attempt to influence LLM-driven installers or reviewers. This should be investigated and removed/cleaned before trusting the skill.
What to consider before installing
This skill mostly does what it says (a Node-based CLI that signs and submits Solana transactions). However: 1) Do NOT supply your main wallet private key directly. Prefer creating/importing a throwaway wallet with minimal SOL/DPOLY for testing. 2) Inspect the full SKILL.md and scripts/agent-play.js yourself (or have a trusted reviewer) — the pre-scan flagged unicode control characters in SKILL.md which may be a prompt-injection attempt. 3) Verify the BACKEND_URL (default https://api.defipoly.app) before running; do not override BACKEND_URL to an untrusted endpoint. 4) Run npm install and execute the agent in an isolated environment (VM/container) first, and review network traffic (or run with SOLANA_RPC set to a read-only/test RPC). 5) If you must run with a real wallet, move only minimal funds to that wallet, keep private keys off environment variables if possible (use a keyfile with restrictive permissions), and confirm the code that does transaction build/sign/submit to ensure no exfiltration of secret material. If you are not comfortable auditing the code, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk972tq31ngd8x43tdha7y0bz25828x0t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎲 Clawdis
OSmacOS · Linux · Windows
Binsnode, npm

Comments