Near Batch Sender
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its NEAR batch-transfer purpose, but it can move real tokens/NFTs using local NEAR credentials and builds shell commands from unvalidated batch data.
Install only if you intend to let the agent perform real NEAR transfers. Use trusted batch files only, run estimation first, review every recipient and amount, and prefer a limited-purpose NEAR account. The maintainer should switch to safe argument-based process execution, validate inputs, declare NEAR CLI credential requirements, and add explicit confirmation before transfers.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed batch file could cause unintended local command execution or unintended transfers under the user's environment.
The shell command is constructed from command-line and JSON fields without validation or escaping, so malicious values could alter the shell command being executed.
const cmd = `near send ${senderAccount} ${recipient.account} ${recipient.amount}`;
await execAsync(cmd);

Replace shell-string exec with spawn/execFile using an argument array, strictly validate NEAR account IDs, amounts, contracts, and token IDs, and reject shell metacharacters.
If the agent uses the wrong file, account, or recipient list, tokens or NFTs could be transferred in bulk before the user reviews the full impact.
The send flow reads a batch file and immediately executes transfers; the skill itself does not enforce a dry run, cost estimate, recipient review, or confirmation before submitting operations.
const { recipients } = JSON.parse(data);
await batchSend(arg1, recipients);

Make estimation/dry-run the default, display a complete transfer plan, and require explicit user confirmation before any send or NFT transfer.
The skill can use an already-configured NEAR account to move valuable assets, which may exceed what a user expects from the declared permissions.
A configured NEAR CLI implies local account authority capable of signing transactions, but the registry metadata declares no primary credential, required binary, or required config path, and the artifacts do not define limits for that authority.
- NEAR CLI installed and configured
- Sufficient balance for all transfers
Declare the NEAR CLI and credential/config requirements, document which account/network is used, and recommend a limited-purpose account or spending caps.
Users or agents may not realize the skill depends on a preconfigured external CLI that controls transaction signing.
The external NEAR CLI dependency is disclosed in the README, but it is not reflected in the registry requirement fields, which list no required binaries.
## Requirements
- NEAR CLI installed and configured
Add NEAR CLI to the skill's required binaries and document expected CLI version, network, and configuration location.
