jinn-node
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: jinn-node
Version: 1.0.0

The skill is classified as suspicious due to several high-risk behaviors and vulnerabilities. Most notably, `references/launchpad.md` explicitly instructs the agent to scan *all* session logs from `~/.openclaw/agents/main/sessions/*.jsonl` for profile building, a significant privacy concern. Additionally, `references/setup.md` instructs the agent to search the user's home directory for `.env` files, potentially exposing credentials from other services. The skill also uses the `curl | bash` pattern for Poetry installation (`SKILL.md`, `references/setup.md`), which is a common but vulnerable practice. Finally, instructions for the agent to ask users for sensitive values and write them to `.env`, or to draft content for API calls, create prompt injection surfaces against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill could result in your agent running code that was not included in this review, with access to valuable accounts and on-chain funds.
The submitted skill has no runnable code files, but its setup tells the agent to fetch an unpinned external repository, install dependencies, and run a continuous worker. This is materially risky because the same workflow uses wallet funds and Gemini/GitHub/RPC credentials.
```
git clone https://github.com/Jinn-Network/jinn-node.git
cd jinn-node
...
yarn install
...
yarn worker
```
Only run it after inspecting the external repository and lockfiles, pinning a trusted commit, and using a restricted environment with least-privilege credentials.
The agent may inspect unrelated local project secrets and reuse or reveal credentials that were not intended for Jinn.
The setup guide instructs the agent to search the user's home directory for .env files and extract credential-like values, not just read a user-selected jinn-node configuration file.
```
find ~ -maxdepth 3 -name ".env" -type f 2>/dev/null | head -5
...
Search found files for relevant env vars:
...
OPERATE_PASSWORD
...
GITHUB_TOKEN
...
GEMINI_API_KEY
...
If values found, present them
```
Provide credentials manually or from a dedicated jinn-node .env file; avoid scanning the home directory, mask any discovered secrets, and use fine-grained tokens.
A compromised or misused key could allow broader database changes than a normal user-scoped Launchpad action.
Launchpad actions use a Supabase service-role key for REST writes. Service-role credentials are typically broad administrative credentials and are not declared in the main requirements.
```
KEY="${SUPABASE_SERVICE_ROLE_KEY}"
...
curl -s "${SUPABASE_URL}/rest/v1/ventures" \
  -X POST \
  -H "Authorization: Bearer ${KEY}"
```
Prefer a user-scoped or least-privilege API key with row-level security, declare the required credential explicitly, and require explicit confirmation for every write.
Private conversation topics, frustrations, and inferred expertise may be stored and used to guide public-facing suggestions, even if the docs say the profile itself should stay local.
The skill builds persistent preference and expertise profiles from recent OpenClaw conversation logs, then reuses those in future Launchpad recommendations.
```
Scan session logs from ~/.openclaw/agents/main/sessions/*.jsonl (last 24h)
...
Update category affinity scores
...
Write pending actions to ~/.openclaw/jinn-launchpad-pending.json
```
Enable this only with explicit opt-in, review the generated profile, set retention limits, exclude sensitive sessions, and delete the profile when no longer needed.
The skill can keep operating on a schedule and processing private context after the original setup task is complete.
The documented cron setup creates recurring background agent tasks that continue after installation, scan session history, and send a daily brief through an external channel.
```
openclaw cron add --name "jinn-profile-builder" --cron "0 3 * * *" ... "Scan recent sessions and update the preference profile"
...
openclaw cron add --name "jinn-launchpad-brief" ... --channel whatsapp
```
Only add these cron jobs if you explicitly want them, periodically list and remove unused crons, and avoid external notification channels for sensitive recommendations.
Mistakes or unauthorized use of these commands could reveal the wallet seed phrase or transfer assets.
Wallet export, withdrawal, unstake, and recovery commands are purpose-aligned and documented with confirmations/dry-runs, but they expose key material or move funds.
```
yarn wallet:export-keys
...
Displays the BIP-39 mnemonic
...
yarn wallet:withdraw --to <address>
...
Emergency Recovery
...
withdraws all funds. **Always preview first.**
```
Run wallet commands only when you requested them, always use dry-run previews first, and never share exported mnemonics or wallet passwords.
