Near Subaccount

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

This skill matches its stated NEAR account purpose, but its script can run unsafe shell commands from unchecked input and can perform bulk account or token changes without built-in safeguards.

Review the script before installing. Only run it with trusted account names and JSON files, prefer a dedicated testnet or low-value NEAR account, and require manual confirmation before any delete or bulk distribution operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted subaccount name, amount, master account, or JSON file entry could cause unintended local shell commands to run when the skill invokes the NEAR CLI.

Why it was flagged

The script builds shell command strings from user arguments and JSON-provided account values, then executes them with child_process.exec without validation or argument separation.

Skill content
// Caller-supplied account names and amount are interpolated into a single shell string
const cmd = `near send ${masterAccount} ${subaccountId} ${amount} ${networkFlag}`;
await execAsync(cmd); // executed through a shell, so metacharacters in the inputs are interpreted
Recommendation

Do not use this with untrusted inputs or files. The maintainer should replace exec with execFile/spawn argument arrays, strictly validate NEAR account IDs and numeric amounts, and reject shell metacharacters.

What this means

If the agent is invoked with the wrong inputs, it could delete a subaccount or send tokens in bulk without a second check. The code appears hard-coded for testnet, which reduces real-funds impact but still mutates the configured testnet account.

Why it was flagged

The code can delete accounts and send tokens to every account in a file, but it does not implement a confirmation step, dry-run preview, recipient limit, or amount cap.

Skill content
await deleteSubaccount(arg1, arg2); // destructive call with no confirmation step
...
// Sends to every entry in the file with no recipient limit, amount cap, or preview
for (const subaccountId of subaccounts) {
  const cmd = `near send ${masterAccount} ${subaccountId} ${amount} ${networkFlag}`;
  await execAsync(cmd);
}
Recommendation

Require explicit user approval before delete or distribute actions, show a preview of recipients and amounts, add safe limits, and document the network being used.

What this means

The skill may sign transactions with whatever NEAR account is already configured in the local CLI, which may be more authority than the user expects from the metadata.

Why it was flagged

The metadata does not declare credentials or config paths, while SKILL.md and README require a configured NEAR CLI, meaning local NEAR signing credentials may be used indirectly.

Skill content
Required env vars: none
Primary credential: none
Required config paths: none
Recommendation

Use a dedicated low-value/testnet account, verify NEAR_ACCOUNT and the active NEAR CLI profile before use, and update metadata to declare the NEAR CLI credential/config dependency.