Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Near Multi Account Manager

v1.0.2

Secure multi-account management for NEAR Protocol with encrypted credential storage, account switching, and balance aggregation.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
src/index.js and skill.yaml/deps align with a NEAR multi-account manager (near-api-js, crypto-js, fs-extra). However, several extra JS files (check_deliverable_endpoint.js, submit_deliverable.js, submit_deliverable_submit.js, update_deliverable.js) call market.near.ai with a hard-coded 'Bearer sk_live_...' token; this behavior is not described in the README/SKILL.md and is not needed for NEAR account management.
Instruction Scope
SKILL.md instructs only local account operations and NEAR RPC calls. It does not instruct contacting market.near.ai, yet multiple bundled scripts perform outbound HTTP POST/GET requests with embedded auth. Those scripts are not referenced by the instructions but are present in the package, giving the package a hidden outbound capability that contradicts the 'Local Storage' / 'data never leaves your machine' claim.
Install Mechanism
There is no install spec (instruction-only in registry terms). Dependencies in package.json and package-lock.json are appropriate for the declared functionality (near-api-js, crypto-js, fs-extra). No download-from-arbitrary-URL install steps were found.
Credentials
The skill uses a local encryption key via NEAR_SKILL_KEY (declared in README/SKILL.md), which is reasonable. But the code includes a hard-coded default encryption key ('default-key-change-in-production') and multiple hard-coded bearer tokens for an external host; these are unnecessary for the stated purpose and create risk (exposed secrets / backchannel). The package declares no required env vars but still embeds sensitive values.
Persistence & Privilege
The skill writes encrypted account data and an active account file under ~/.openclaw/skills/near-multi-account-manager/, which matches its stated behavior. The skill is not always-enabled and does not request elevated system-wide privileges.
Scan Findings in Context
- [hardcoded_bearer_token] unexpected: Multiple files (check_deliverable_endpoint.js, check_job.js, submit_deliverable.js, submit_deliverable_submit.js, update_deliverable.js) contain a hard-coded 'Authorization: Bearer sk_live_iOQS6NKYgLCf8sAcIsjeNpIvsN9ml7fK6CVrfIyPIVs' header. This is unrelated to NEAR operations and exposes a long-lived secret in the package.
- [outbound_network_call_unexpected] unexpected: Several scripts perform HTTPS calls to market.near.ai and multiple endpoints under /v1/jobs/...; these network calls are not documented in SKILL.md and do not appear necessary for wallet management.
- [embedded_default_encryption_key] unexpected: src/index.js falls back to a hard-coded key 'default-key-change-in-production' if NEAR_SKILL_KEY is not set. Shipping a default key undermines the encryption claims unless users are forced to set their own key.
What to consider before installing
- Do not install or run this skill in a production environment until you have reviewed and removed the unrelated scripts. Several included JS files contain a hard-coded bearer token and make outgoing requests to market.near.ai, behavior not described in the documentation.
- If you want the core wallet functionality: inspect src/index.js and the package locally, remove or quarantine any deliverable/*.js scripts that call external hosts, and confirm no other hidden scripts exist.
- Rotate any exposed keys if you or your org have used them (the repo contains a visible token that may be valid). Assume any hard-coded secret in a package is compromised.
- Replace the shipped default encryption key by setting NEAR_SKILL_KEY to a strong value before adding any private keys; do not rely on the default key.
- Consider running the skill in an isolated environment (air-gapped or restricted egress) until you are confident no unexpected network calls will occur.
- Prefer skills with an identified upstream source/homepage and no embedded secrets. If in doubt, ask the author to remove the deliverable submission scripts and re-release a clean package.

