Skill v1.0.0

ClawScan security

Kasia · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 6:47 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the described on-chain messaging workflow, but it asks you to provide, and then stores, a wallet mnemonic that its metadata never declares, and it builds and runs third-party code. These behaviors are coherent with the feature, but they raise security and disclosure concerns you should understand before installing.
Guidance
This skill appears to do what it claims (on-chain encrypted messaging), but it asks you to supply, and then stores, your wallet mnemonic, and it builds and runs code from a local kasia-mcp repository. Before installing or running:
- Treat the mnemonic as highly sensitive. Do not paste a real/mainnet mnemonic on a machine or shell you don't fully control. Prefer a throwaway wallet for testing. Avoid passing secrets on the command line, where they end up in shell history and process listings.
- The setup script writes the mnemonic into mcporter's config file in plaintext (~/.openclaw/workspace/config/mcporter.json or ./config/mcporter.json). Inspect that file after setup and make sure its filesystem permissions are restricted to your own user.
- Building kasia-mcp runs npm install and npm run build in the path you supply. npm install executes package lifecycle scripts, so this can run arbitrary code. Only build code from sources you trust; review the kasia-mcp package.json and its build scripts first.
- The skill's docs reference an indexer API (https://indexer.kasia.fyi). Although payloads are encrypted, the indexer can still observe metadata such as which addresses exchange messages and when. If you are privacy-sensitive, review or self-host the indexer before using mainnet.
- The registry metadata does not declare the mnemonic/env requirement; this is an omission. If you need to use real funds, ask the author to document the required secrets and config paths explicitly, provide a way to verify the kasia-mcp code, or run the skill in an isolated environment.
If uncertain: test with a throwaway wallet on a separate machine or container, and inspect the generated mcporter config and the kasia-mcp code before trusting real funds or long-term keys.

Review Dimensions

Purpose & Capability
note: Name/description (Kasia encrypted messaging via mcporter/kaspa) match the included tooling and docs: the skill expects a local kasia-mcp and kaspa-mcp, generates payloads, and requires broadcasting via kaspa.send_kaspa. However, SKILL.md and the registry metadata declare no required credentials or config paths, while the runtime instructions and setup.sh clearly require and store a wallet mnemonic (KASPA_MNEMONIC) and may set an indexer URL. This mismatch is notable.
Instruction Scope
concern: The SKILL.md and scripts/setup.sh instruct the user to run a setup script that (a) accepts a wallet mnemonic on the command line, (b) writes the mnemonic in plaintext into the mcporter config JSON (at ./config/mcporter.json or $HOME/.openclaw/workspace/config/mcporter.json), (c) runs npm install and npm run build inside the supplied kasia-mcp path, and (d) recommends background polling that writes received messages to a file. All steps are consistent with implementing the feature, but they expose a very sensitive secret (the mnemonic) and ask the agent to read and write config and files that were not declared up front. Passing the mnemonic on the command line also risks leakage via shell history or process listings.
Install Mechanism
concern: There is no formal install spec (the skill is instruction-only), but scripts/setup.sh will run npm install and npm run build in the user-supplied kasia-mcp directory. Building arbitrary code invokes package lifecycle scripts, which can execute arbitrary commands (a supply-chain risk). The skill itself does not download remote archives, but following its instructions causes third-party code to be built and installed locally.
Credentials
concern: The runtime requires a wallet mnemonic (KASPA_MNEMONIC), from which the signing key is derived, and may set KASIA_INDEXER_URL, but the registry metadata declares no required env vars or primary credential. Requesting a full wallet mnemonic is proportional to on-chain signing needs, but it is highly sensitive and should be explicitly declared and justified. The skill stores the secret in plaintext in a user config JSON, a high-sensitivity action that should be highlighted to users.
Persistence & Privilege
note: always:false (normal). The setup script persists configuration by creating or modifying the mcporter config file and adding a 'kasia' mcpServers entry that invokes node <path>/dist/index.js. Modifying the user's mcporter config is expected for this feature, but it grants persistent capability and stores secrets; users should verify the config location and its permissions.
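The checks recommended in the Guidance and in the Install Mechanism, Credentials and Persistence dimensions above, as an added example that is not the scan's output nor code from the Kasia skill, mcporter or kasia-mcp. It assumes the mcporter config is a JSON object with an `mcpServers` map of server name to `command`/`args`/`env` (the scan only states that a 'kasia' entry invoking node <path>/dist/index.js is added), the files it audits are constructed fixtures written to a temp directory, and `KASPA_MNEMONIC_FILE` is an assumed convention; only `KASPA_MNEMONIC`, `KASIA_INDEXER_URL` and the config paths come from the page.

```python
"""Pre-install audit for a Kasia-style mcporter setup (added example, not the
skill's, mcporter's or kasia-mcp's own code). It checks the config file's
permissions and plaintext secrets, lists package.json scripts that `npm install`
runs automatically, and reads the mnemonic without touching argv. The config
layout (mcpServers -> name -> command/args/env) is an assumption."""
import json
import os
import stat
import tempfile
from pathlib import Path

# Only KASPA_MNEMONIC is named by the scan; the other key names are assumptions.
SECRET_ENV_KEYS = {"KASPA_MNEMONIC", "MNEMONIC", "PRIVATE_KEY", "SEED_PHRASE"}
# Scripts npm runs on its own during `npm install`; `build` only runs on `npm run build`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO

# Constructed fixtures mirroring the shapes described in the scan; not real files.
SAMPLE_MCPORTER = {
    "mcpServers": {
        "kasia": {
            "command": "node",
            "args": ["/home/user/kasia-mcp/dist/index.js"],
            "env": {
                "KASPA_MNEMONIC": "twelve placeholder words standing in for a wallet mnemonic",
                "KASIA_INDEXER_URL": "https://indexer.kasia.fyi",
            },
        }
    }
}
SAMPLE_PACKAGE = {  # not the real kasia-mcp package.json; the postinstall hook is invented
    "name": "example-mcp",
    "version": "0.0.0",
    "scripts": {"build": "tsc -p .", "postinstall": "node scripts/fetch-binary.js"},
}


def audit_mcporter_config(path):
    """Return a list of findings for an mcporter config file; an empty list means clean."""
    p = Path(path)
    findings = []
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & GROUP_OTHER_BITS:
        findings.append(f"{p.name}: mode {oct(mode)} is readable by group/other; expected 0o600")
    cfg = json.loads(p.read_text(encoding="utf-8"))
    for name, server in cfg.get("mcpServers", {}).items():
        for key, value in server.get("env", {}).items():
            if key.upper() in SECRET_ENV_KEYS and value:
                findings.append(f"mcpServers.{name}.env.{key}: wallet secret stored in plaintext")
    return findings


def harden_mcporter_config(path):
    """Restrict the config to owner read/write (0600) and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_package_json(path):
    """Return {hook: command} for scripts that execute automatically during `npm install`."""
    scripts = json.loads(Path(path).read_text(encoding="utf-8")).get("scripts", {})
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def load_mnemonic(environ=None):
    """Read the mnemonic from KASPA_MNEMONIC, or from the file named by KASPA_MNEMONIC_FILE
    (an assumed convention), never from argv, so it stays out of shell history and `ps`."""
    environ = os.environ if environ is None else environ
    if environ.get("KASPA_MNEMONIC"):
        return environ["KASPA_MNEMONIC"].strip()
    if environ.get("KASPA_MNEMONIC_FILE"):
        return Path(environ["KASPA_MNEMONIC_FILE"]).read_text(encoding="utf-8").strip()
    raise RuntimeError("set KASPA_MNEMONIC or KASPA_MNEMONIC_FILE; never pass the mnemonic as an argument")


def run_audit_on_samples():
    """Write the fixtures to a temp dir, audit, harden, re-audit; return the results."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "mcporter.json"
        cfg.write_text(json.dumps(SAMPLE_MCPORTER, indent=2), encoding="utf-8")
        os.chmod(cfg, 0o644)  # what a default umask typically leaves behind: world-readable
        pkg = Path(d) / "package.json"
        pkg.write_text(json.dumps(SAMPLE_PACKAGE, indent=2), encoding="utf-8")
        before = audit_mcporter_config(cfg)
        hardened_mode = harden_mcporter_config(cfg)
        after = audit_mcporter_config(cfg)  # chmod fixes exposure, not the plaintext storage
        return {
            "before": before,
            "hardened_mode": hardened_mode,
            "after": after,
            "install_hooks": audit_package_json(pkg),
        }


if __name__ == "__main__":
    for key, value in run_audit_on_samples().items():
        print(f"{key}: {value}")
```

Running it against the constructed fixtures reports two findings before hardening (world-readable file, plaintext KASPA_MNEMONIC) and one after: chmod removes the exposure to other local users, but the mnemonic is still on disk in the clear, which is exactly why the scan asks you to use a throwaway wallet. The package.json audit lists only the hooks `npm install` runs without being asked (postinstall here), not the `build` script, since that only runs on `npm run build`. Point the same functions at the real ~/.openclaw/workspace/config/mcporter.json and the kasia-mcp package.json before trusting real keys.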