Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Signet
v1.0.0
Interact with Signet onchain advertising on Hunt Town. Use when the user wants to check spotlight ad prices, list current ads/signatures, or post a URL to the Signet spotlight. Supports x402 payment protocol for programmatic ad placement by AI agents.
⭐ 0 · 1k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (interact with Signet onchain advertising, support x402 payments) match the instructions (estimate, list, post via x402). However, SKILL.md references using a PRIVATE_KEY (env or --private-key) for onchain posting but the skill metadata declares no required environment variables or primary credential — an inconsistency that should be addressed. Requiring a wallet/private key is plausible for the stated purpose, but it was not declared.
Instruction Scope
Runtime instructions tell the agent to run npx @signet-base/cli commands and to curl an external API (https://signet.sebayaki.com). They explicitly instruct using a private key to submit payments. This is within the functional scope, but the instructions cause network calls and remote code execution (via npx) and ask the agent to handle a sensitive secret (PRIVATE_KEY). The SKILL.md also describes the full 402 payment flow (including signing) — meaning an agent following the doc may create and transmit signed payment material. The instructions access an environment variable (PRIVATE_KEY) that is not declared in the skill metadata, which is a scope mismatch.
Install Mechanism
There is no install spec (instruction-only), but the guide directs use of npx which will fetch and execute package code from the npm registry at runtime. That is a normal developer pattern for CLIs but it means code will be pulled from the network and executed when used. The referenced API host (signet.sebayaki.com) and npm package (@signet-base/cli) are not validated or linked to a known homepage in the registry metadata, so provenance is unverified.
Credentials
The only sensitive credential implied by the instructions is a private key for signing onchain payments (PRIVATE_KEY). Requesting a private key is proportionate to the task of creating onchain payments, but the skill metadata does not declare this environment variable or any primary credential. That omission makes it unclear how the skill expects to receive or protect secrets. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not provide install scripts, and has no config paths or system modifications. It does not ask to modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (estimate/list/post Signet spotlight ads) but has a few important caveats you should consider before installing or invoking it:
- Private key handling: Posting requires signing with a wallet private key (PRIVATE_KEY or --private-key). Never store your main wallet private key in a skill environment. Use a dedicated, funded test wallet or hardware wallet / offline signing where possible.
- Remote code execution via npx: The SKILL.md instructs use of npx @signet-base/cli. npx will fetch and run code from npm at runtime — verify the package name, publisher, and source repository before running. Inspect the package source (or install into an isolated environment) and prefer pinned, audited releases.
- Unknown API host: The API base (signet.sebayaki.com) has no homepage listed. Treat network endpoints as untrusted until you verify them. Use the --simulate flag first to avoid committing funds and inspect the request/response traffic if possible.
- Metadata mismatch: The skill metadata declares no required env vars, but the instructions reference PRIVATE_KEY. Ask the skill author to clarify required credentials and to declare them in metadata; prefer skills that explicitly state required scopes and secrets.
- Safer alternatives: prefer offline or delegated signing (generate a payment payload and sign it locally with a wallet you control), use a dedicated small-balance wallet for testing, or review the @signet-base/cli source before use.
If you proceed: test with --simulate, use a throwaway wallet with minimal balance, inspect network requests, and verify the npm package and API domain provenance. If you cannot verify those, do not provide real private keys or run commands that submit payments.
Like a lobster shell, security has layers — review code before you run it.
latest · vk97cnan0hmfrpzwxrj34krcmdx80t8wr
