Skill v1.0.2

ClawScan security

unhuman · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 10:08 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are consistent with a domain-management CLI that uses an npm package and an optional bitcoin wallet; nothing in the package metadata or SKILL.md indicates hidden or unrelated access, though you should review the external npm package and be cautious about automatic payments and stored tokens.
Guidance
This skill appears to be what it claims: a wrapper for the unhuman npm CLI that can register domains and (optionally) pay via an agent-wallet. Before installing and running it: 1) Inspect the npm package (publisher 'moneydevkit') and, if possible, review its source code to ensure it behaves as documented. 2) Be cautious with the --wallet flag — only enable it when the user explicitly authorizes a real bitcoin payment; the CLI can trigger real payments. 3) Protect the token file (~/.unhuman/tokens.json) and the agent-wallet directory (~/.agent-wallet/) because they contain sensitive credentials; make sure you understand how those are created and backed up. 4) Consider running npx commands manually the first time to verify behavior before letting an agent invoke them autonomously.

Review Dimensions

Purpose & Capability
ok: The name/description (domain search, registration, management) matches the declared runtime actions: running the 'unhuman' CLI via npx / npm. The npm install spec (package 'unhuman') is expected for this purpose.
Instruction Scope
note: SKILL.md contains concrete CLI commands and explicitly describes how payments and token storage work. It instructs use of the agent-wallet only with explicit user consent, and documents that management tokens are stored at ~/.unhuman/tokens.json and agent-wallet state at ~/.agent-wallet/. The instructions do not ask the agent to read unrelated system files or credentials, but they do create and read files in the user's home directory (token storage and wallet state).
Install Mechanism
note: Install uses the public npm package 'unhuman' (moderate risk profile: installs code from the npm registry). This is proportionate for a CLI provided via npm, but it means you should verify the package's publisher and source before installing.
Credentials
concern: No environment variables are declared, which aligns with SKILL.md. However, the instructions reference and rely on local files (~/.unhuman/tokens.json and ~/.agent-wallet/) for sensitive data (management tokens and wallet keys). Those config paths were not listed in the skill's metadata 'required config paths' field — a mild metadata omission that users should be aware of because these files contain sensitive tokens/keys.
Persistence & Privilege
ok: The skill does not request always: true, does not modify other skills or system-wide configs, and only writes to its own token path under the user's home directory. Agent autonomy for payment is gated by an explicit --wallet flag and the SKILL.md warns to always confirm with the user before using it.