Multi-Sig Treasury

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is an instruction-only multisig treasury guide for high-stakes financial governance, but the described behavior is disclosed, purpose-aligned, and keeps live transactions under human approval.

This skill appears suitable as a planning, checklist, and drafting aid for multisig treasury work. Before installing or using it, remember that treasury proposals, signer changes, and threshold updates can affect real funds: never share seed phrases or private keys, verify every address and amount manually, use official Safe tooling, and require normal multisig/human approval before executing anything on-chain.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Incorrect generated amounts, recipients, chains, or proposal details could cause financial loss if signers approve them without review.

Why it was flagged

The skill can help prepare materials that may later be used for treasury fund movement. This is high-impact, but the artifact also explicitly states that live on-chain transactions require human approval.

Skill content

Generating spending proposals or transaction templates ... Executing live on-chain transactions (always require human approval)

Recommendation

Use the skill for drafting and checklists only; verify all recipient addresses, amounts, chains, and transaction data in the official Safe interface before any signer approval.

What this means

A mistaken signer change or threshold change could lock out legitimate signers or weaken treasury controls.

Why it was flagged

Adding/removing owners or changing thresholds affects who controls a multisig treasury. This is central to the skill's purpose, but it is a sensitive privilege boundary.

Skill content

Managing signer rotation (add/remove owners, change threshold)

Recommendation

Require independent human verification of signer identities, wallet addresses, and threshold changes before proposing or approving any Safe owner-management transaction.

What this means

Treasury transaction activity or alert metadata could be visible to the external monitoring service or webhook endpoint used.

Why it was flagged

The skill suggests optional external notification/webhook integrations, which may expose treasury activity metadata to third-party services if configured.

Skill content

Set up notifications (Safe webhook or Tenderly)

Recommendation

Use trusted monitoring providers, restrict webhook destinations, and avoid sending unnecessary private governance or treasury context in alerts.