Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Near Batch Sender

v1.0.0

Batch operations for NEAR tokens - send to multiple recipients, transfer NFTs, claim rewards with cost estimation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code and README: the script performs batch sends, NFT transfers, and cost estimates. However the skill metadata declares no required binaries or credentials while both SKILL.md/README and the script expect the 'near' CLI to be installed and configured — a clear mismatch between declared requirements and actual capabilities.
Instruction Scope
The runtime instructions and script operate within the stated domain (read a JSON file, run batch operations). However the implementation constructs shell commands by interpolating user-provided fields directly into child_process exec calls (e.g., recipient.account, amount, transfer contract/token_id). This creates a command-injection risk if inputs are not strictly validated or controlled. The 'claim' command is only a placeholder and not implemented, which is a scope gap but not malicious by itself.
Install Mechanism
No install spec (instruction-only / script included) — lower risk of arbitrary remote code install. The code does rely on an out-of-band dependency (NEAR CLI) but that dependency is not declared in the metadata. The lack of an install step means nothing is automatically downloaded at install time, but runtime will invoke external binaries.
Credentials
The skill declares no required environment variables or credentials, yet it implicitly depends on NEAR CLI configuration (local key files / credentials under the user's NEAR config) to sign and send transactions. Not declaring this may mislead users about what will be accessed. No explicit external secrets are requested, but the script will cause the NEAR CLI to use whatever local keys are available — a potential surprise for users who haven't audited where keys live.
Persistence & Privilege
The skill does not request persistent or elevated privileges (always is false, no install hooks). It will only run when invoked; it does not auto-enable itself or modify other skills or system-wide settings.
What to consider before installing
This skill implements the advertised NEAR batch operations but you should be cautious before installing or running it. Key points:

- The metadata does NOT declare that the 'near' CLI is required, but the script calls 'near' via shell exec; ensure you have NEAR CLI installed and understand which local keys/credentials it will use (e.g., ~/.near-credentials). Treat that as an implicit required dependency.
- The script builds shell commands by interpolating values from your JSON files directly into exec() calls. That is a command-injection risk: if any account, token_id, contract, or amount contains unexpected characters, an attacker controlling the JSON could run arbitrary shell commands. Only run this tool with trusted input files, or sanitize/validate inputs before use.
- The 'claim' operation is not implemented in the script; it warns that protocol-specific integration is required.
- Recommendations before use: review the script yourself (or run it in a safe/test environment), run with a test account and small amounts first, ensure your NEAR CLI keys are secured, and consider reimplementing the command execution to call NEAR RPCs or use a native SDK / spawn with argument arrays (to avoid shell interpolation) rather than string-passed exec. If you expect the agent to call this autonomously, restrict autonomous invocation until you are comfortable with these risks.


latest · vk97dj4ktk81tsj3asq2mnahcv180sbqd
