Skillv0.3.0

ClawScan security

RustChain MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 1:32 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package mostly matches its stated purpose (RustChain/BoTTube/Beacon MCP tools) but contains several mismatches and risky behaviors—undeclared environment/credential usage, disabled TLS verification, an evangelist daemon that will ping other agents, and a hardcoded default node IP—so review before installing or supplying secrets.
Guidance: This package implements the RustChain/BoTTube/Beacon tools described, but several things deserve caution before installing: - Verify provenance: SKILL metadata lists 'source: unknown' though files reference a GitHub repo and PyPI. Confirm the PyPI package and GitHub repository match the code here. - Secrets and env vars: The code uses environment variables (RUSTCHAIN_NODE, BOTTUBE_URL, BEACON_URL) and optional API keys (BOTTUBE_API_KEY, MOLTBOOK_API_KEY). The skill did not declare these as required—only provide API keys if you trust the maintainer and the endpoints. - TLS verification disabled: The code sets verify=False for httpx/requests, which bypasses TLS cert checks. This makes network traffic vulnerable to man-in-the-middle attacks and increases risk if you provide credentials. - Automated network behavior: evangelist_agent.py will discover agents, post onboarding content, and send Beacon pings (offers/tips). That behavior is potentially spammy and will produce outbound network traffic—run it only in an isolated environment and after reviewing what it posts/whom it contacts. - Default node/IP: The default RUSTCHAIN_NODE is a raw IP (50.28.86.131). Confirm that is an intended and trusted node; consider overriding to a known, vetted node URL. If you plan to use this skill: - Inspect the published PyPI package contents and upstream GitHub repo to ensure they match. - Run in an isolated environment (container/VM) first. - Never supply API keys or secrets until you confirm trust; if you must, consider scoped, low-privilege keys and monitor their use. - Consider patching the code to enable TLS verification (remove verify=False) before supplying secrets or using in production. If you want, I can list the exact lines where verify=False is set, show the env vars the code reads, or help craft safer environment overrides.

Review Dimensions

Purpose & Capability: noteName/description claim a unified MCP server for RustChain, BoTTube, and Beacon; the code and README implement those features (HTTP endpoints, MCP tools, LangChain wrappers). That alignment is coherent. Minor mismatch: SKILL metadata declares no required env vars, but README and code expect environment variables for node and service URLs and optional API keys (e.g., BOTTUBE_API_KEY, MOLTBOOK_API_KEY).
Instruction Scope: concernSKILL.md only documents pip install and running the MCP server, and lists the tools. The repository, however, contains an evangelist_agent daemon (evangelist_agent.py) that will discover agents, post onboarding content, and send Beacon pings offering RTC tips—network-behavior not prominently documented in SKILL.md. Several runtime components perform outbound network calls to third-party endpoints; the agent can post content and ping other agents when run. This expands the runtime scope beyond passive query tools.
Install Mechanism: noteThere is no explicit install spec in the skill bundle (SKILL.md suggests 'pip install rustchain-mcp'); the package includes full Python source and pyproject files. Installing from PyPI (as suggested) will pull the published package; the source here references a GitHub repo and PyPI. No arbitrary URL downloads or extract steps were found in the bundle, but you should verify the PyPI package contents and provenance before pip installing.
Credentials: concernThe skill declares no required environment variables, but code and README rely on several environment variables (RUSTCHAIN_NODE, BOTTUBE_URL, BEACON_URL, RUSTCHAIN_TIMEOUT) and optional secret keys (BOTTUBE_API_KEY, MOLTBOOK_API_KEY, EVANGELIST_WALLET). Upload/posting tools require API keys. The bundle does not clearly declare these as required, which could lead users to accidentally provide secrets without understanding why. Additionally, HTTP clients in the code disable TLS verification (verify=False), which is a security risk for any secret-bearing requests.
Persistence & Privilege: noteThe skill is not 'always: true' and does not request system-wide configuration changes. However, it includes an evangelist daemon that, if run, will periodically discover and ping other agents and post to external services—this can produce outbound traffic and automated messages. Autonomous model invocation is enabled by default (not flagged on its own) but combined with the evangelist behavior increases blast radius if the agent runs those flows unsupervised.