Skill v1.0.1

ClawScan security

DECK-0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 12, 2026, 1:35 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with its stated purpose (interacting with an NFT card platform) — it legitimately needs a wallet signer and cast/curl/jq/shasum for fallback signing and on-chain operations, but the private key it asks for is highly sensitive and should only be provided with explicit user consent.
Guidance
This skill appears coherent for interacting with the DECK-0 platform, but it can use a private key (DECK0_PRIVATE_KEY) as a fallback signer — that key can sign real blockchain transactions and spend funds. Prefer using the runtime-provided wallet signer (hardware or managed wallet) and avoid setting DECK0_PRIVATE_KEY in the environment unless you explicitly trust this skill and understand the risk. If you must provide a key: (1) use an ephemeral or tightly-scoped wallet with minimal funds, (2) never paste keys into chat, (3) remove the env var immediately after use, and (4) monitor the wallet for unexpected transactions. If you want stronger safety, require manual approval before any transaction or use a hardware/runtime signer so the agent cannot sign transactions autonomously.

Review Dimensions

Purpose & Capability
ok · Name/description (DECK-0 digital collectibles: browse, buy, open packs, publish) match the required tooling: a signer for EIP-191 auth / on-chain transactions and CLI tooling (cast, curl, jq, shasum) used in the provided shell examples. Nothing requested (binaries, env vars) appears unrelated to the stated functionality.
Instruction Scope
ok · SKILL.md and the included docs only instruct the agent to call the DECK-0 API endpoints, construct canonical payloads, sign them, and perform on-chain calls (mintPacks/openPacks). Examples reference only the declared env var and standard temp files; there is no instruction to read unrelated system files or exfiltrate data. The docs explicitly recommend using runtime-provided wallets and treating DECK0_PRIVATE_KEY as a sensitive fallback.
Install Mechanism
ok · Instruction-only skill with no install spec and no downloaded artifacts. It asks the user to ensure Foundry/cast is available (via standard package managers like Homebrew) and to have curl/jq/shasum — this is low-risk and proportionate.
Credentials
note · Only a single environment variable is declared: DECK0_PRIVATE_KEY (primary credential). This is expected for a fallback signing mode, but it's highly privileged — possession of this key allows signing transactions and spending the user's funds. The skill documents this sensitivity and recommends runtime wallets first, which is appropriate.
Persistence & Privilege
note · The skill is not always-enabled and has no install hooks, which limits persistence. However, if DECK0_PRIVATE_KEY is set in the agent environment, the agent (which can invoke skills autonomously by default) could sign and send on-chain transactions without further prompts. The SKILL.md recommends explicit user approval for using the private key, but that policy is not technically enforced by the docs — treat the env var as a powerful capability.
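The Guidance above asks the user to keep DECK0_PRIVATE_KEY out of the agent's environment, remove it immediately after use, and require manual approval before any transaction; the Persistence & Privilege note adds that nothing in the skill's docs enforces that. The following wrapper is an added example (not part of this ClawHub report, the DECK-0 skill, or its docs) of enforcing those three points in the shell the skill's cast/curl commands are run from. It assumes the key is kept in a mode-0600 file rather than exported, that a per-invocation DECK0_APPROVE=yes is the human's explicit approval, and that the on-chain command (for example the skill's cast call to mintPacks) is passed as arguments; the file path, the approval variable, and the exit codes are all hypothetical choices for this example.

```shell
#!/bin/sh
# Added example, not code from the ClawHub report or the DECK-0 skill.
# Runs a command with DECK0_PRIVATE_KEY visible only to that child process,
# and only when a human has explicitly approved this one invocation.
#
# Assumptions (hypothetical, not from the report):
#   - the key lives in a file with mode 0600, never in the agent's env;
#   - DECK0_APPROVE=yes is the explicit, per-invocation approval;
#   - "$@" is an external command (cast, curl, ...), not a shell function.
# usage: DECK0_APPROVE=yes deck0_with_key /path/to/keyfile cast send ...

# Return 0 if the key file exists and has mode 0600, else 1.
# ls -l is used because stat(1) flags differ between GNU and BSD.
deck0_keyfile_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    perms=$(ls -l "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Exit codes: 2 key already exported by the caller (the agent shell),
#             3 key file missing or readable by group/other,
#             4 no explicit approval for this invocation,
#             otherwise the exit status of the wrapped command.
deck0_with_key() {
    keyfile="$1"; shift
    if [ -n "${DECK0_PRIVATE_KEY:-}" ]; then
        echo "refusing: DECK0_PRIVATE_KEY is already in the environment" >&2
        return 2
    fi
    if ! deck0_keyfile_ok "$keyfile"; then
        echo "refusing: $keyfile missing or not mode 0600" >&2
        return 3
    fi
    if [ "${DECK0_APPROVE:-}" != "yes" ]; then
        echo "refusing: set DECK0_APPROVE=yes for this one invocation" >&2
        return 4
    fi
    key=$(cat "$keyfile")
    # A prefix assignment exports the key to the child's environment
    # without putting it on any argv (unlike "env VAR=... cmd", which
    # would expose it in ps output) and without exporting it in this
    # shell, so there is nothing to "remove after use". The approval
    # is cleared for the child so it cannot be inherited by nested calls.
    DECK0_APPROVE= DECK0_PRIVATE_KEY="$key" "$@"
    rc=$?
    unset key
    return $rc
}
```

Because the approval is read per call and the key never enters the agent shell's exported environment, an agent that invokes the skill autonomously cannot sign on its own: each transaction still needs a human to set DECK0_APPROVE=yes for that single command. This covers only the fallback-key path; the report's preferred option remains a runtime-provided hardware or managed signer, in which case no key file exists at all.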