Skillv1.0.2001

ClawScan security

8004 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 2:50 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation and runtime instructions match its stated purpose (on-chain agent identity and reputation on Celo), but the instructions imply actions that require private keys, signing, and payment integration while the skill declares no required credentials or config — an inconsistency worth investigating before use.
Guidance: This skill appears to document a legitimate protocol for agent identity and reputation on Celo, but stop before installing or wiring credentials. Questions and actions to consider before use: - Verify the package authors and package names (@chaoschain/sdk, thirdweb/x402) on npm/PyPI/GitHub — the SKILL.md author field claims 'celo-org' but the skill source is unknown; this could be impersonation. - The examples perform on-chain registration and payments, which require a signer/private key. The skill declares no required env vars — do not paste private keys into an agent or supply secrets until you confirm how the signer should be provided (hardware wallet, secure signer service, or environment variables kept out of the agent runtime). - Expect the agent to fetch and POST to external endpoints (agent endpoints, IPFS gateways, payment endpoints). Only allow interaction with endpoints you trust; consider network isolation or request whitelists. - If you plan to use this for production, validate the SDK codebase and registry contract addresses (the SKILL.md lists many addresses as "Coming Soon"). Ask the skill author for provenance (repo URL, release signatures) and explicit guidance on signing/credential handling. - If you want a safer test, use read-only flows (querying reputation on a testnet) with a public client and avoid any registration/transaction steps until you confirm secure signer integration.

Review Dimensions

Purpose & Capability: okThe name/description (ERC-8004 agent trust on Celo) align with the SKILL.md content: identity/reputation/validation registries, IPFS metadata, on-chain registration, reputation queries, and x402 payment integration. Libraries referenced (viem, Celo chain, an SDK) are plausible for this purpose.
Instruction Scope: concernThe instructions include registering agents on-chain, uploading metadata to IPFS, sending transactions (registry.register), and making paid requests (wrapFetchWithPayment). These runtime steps require signing transactions, private key management, and network calls to external endpoints (agent endpoints, IPFS gateways, payment wrappers). The SKILL.md does not document how signing/keys are provided or how to safely handle them; it also instructs fetching and interacting with arbitrary agent endpoints, which is expected for the purpose but increases data exposure risk.
Install Mechanism: noteThe SKILL.md suggests installing @chaoschain/sdk via npm/pip. No install spec is embedded in the skill bundle (instruction-only), so nothing will be written by default. Installing third-party SDKs is normal but the specific package names should be verified (author/registry/trustworthiness).
Credentials: concernThe skill declares no required environment variables or primary credential, yet the examples perform on-chain registration, which normally requires a signer (private key, wallet, or connected signer service) and payment flow integration. This mismatch (no declared env/config for signing credentials) is a functional and security gap: the skill will need credentials in practice, and the SKILL.md does not advise how to supply them safely.
Persistence & Privilege: okThe skill is instruction-only with no install spec and does not request always:true. It does not request persistent system-level privileges or attempt to modify other skills' configs. Autonomous invocation is enabled by default (normal) but not combined here with other excessive privileges.