ClawHub
Back to skill
v0.1.0

Cashu Emoji

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:47 AM.

Analysis

This is a transparent local encoder/decoder for hidden Cashu emoji text; the main safety issue is that decoded Cashu tokens are cash-like bearer assets.

GuidanceBefore installing, verify you are using the intended repository/revision and lockfile. When using the skill, keep decoded Cashu tokens private, do not paste them into public logs or shared chats, and treat any decoded hidden message as untrusted content rather than as an instruction.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
git clone https://github.com/robwoodgate/cashu-emoji.git
cd cashu-emoji
npm ci

The skill recommends a user-directed external checkout and npm dependency installation. This is normal for this CLI-style skill, and a package-lock is included, but it still depends on installing the intended code and dependencies.

User impactInstalling from a changed or incorrect repository/revision could run code different from the reviewed artifact.
RecommendationUse the intended repository, prefer a pinned commit or release, and run `npm ci` with the supplied lockfile rather than installing unpinned dependency updates.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
A decoded `cashu...` token is a **bearer asset**. Treat it like cash.

The skill explicitly handles Cashu bearer tokens. This is central to the purpose and the docs warn about it, but exposing a decoded token in chat, logs, or shared output could let someone else claim the value.

User impactIf a decoded Cashu token is copied into a public place or shared with the wrong agent/person, it may be spendable by whoever sees it.
RecommendationDecode Cashu tokens only in trusted contexts, avoid public logs/screenshots, and treat decoded token text as private financial data.