Skill v1.0.0
ClawScan security
Mint Club V2 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 13, 2026, 11:18 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions ask the agent to install and run an external npm CLI and to provide a wallet private key (or rely on files under ~/.mintclub), but the registry metadata does not declare these credentials or config paths. This mismatch, together with the need to run third-party code, makes the skill suspicious.
- Guidance: This skill delegates work to an external npm CLI that will ask for or store your wallet private key and can execute on-chain trades and token approvals. The registry metadata does not declare the PRIVATE_KEY or config paths that the instructions use, an inconsistency you should treat as a red flag. Before installing or invoking this skill:
  1. Inspect the npm package source (GitHub link) for malicious or confusing code.
  2. Never provide a real private key; use a watch-only address or an ephemeral/test wallet with minimal funds.
  3. Review the package's npm page and maintainers, and prefer pinned, verified releases.
  4. Be aware that the CLI will write files under ~/.mintclub (tokens.json, .env), which may contain sensitive data.
  5. If you allow the agent to run it, consider disallowing autonomous invocation or restricting the agent to read-only operations.
  Additional information that would raise confidence to 'benign': skill metadata declaring the required env/config paths, an included verified source link to the CLI repository, and an audited package release.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes interacting with Mint Club via the mint.club-cli npm package, which is coherent with the stated purpose. However, the skill metadata declares no required environment variables or config paths, while the instructions explicitly require a PRIVATE_KEY or ~/.mintclub/.env and will auto-save token addresses to ~/.mintclub/tokens.json: a clear mismatch between declared requirements and actual operational needs.
- Instruction Scope (concern): Runtime instructions tell the agent to install and run a third-party CLI that manages wallet private keys, performs token approvals, and executes on-chain trades (buy/sell/zap/swap/create). Those operations can move funds and write files under the user's home directory; the instructions therefore go beyond read-only queries and grant the CLI authority to perform sensitive actions.
- Install Mechanism (note): No install spec is present in the registry metadata, but SKILL.md instructs users/agents to run 'npm install -g mint.club-cli' (a public npm package). Installing a global npm package is a typical way to get a CLI, but it involves downloading and executing third-party code that was not included in the skill bundle and therefore cannot be audited here.
- Credentials (concern): The instructions request a PRIVATE_KEY (or storing it in ~/.mintclub/.env) and will perform transactions and approvals, yet the skill metadata lists no required credentials or primaryEnv. Requesting direct access to a wallet private key is high-sensitivity and should have been declared and justified in metadata.
- Persistence & Privilege (note): The CLI will create and update files in ~/.mintclub (tokens.json, .env). The skill itself does not request 'always' or other elevated platform privileges, but the side effect of persistent files in the user's home directory is not declared in metadata and can persist credentials and token addresses on disk.
