Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xpr-xmd

Interact with Metal Dollar (XMD) stablecoin to mint, redeem, check supply, collateral reserves, and oracle prices with zero fees and multi-collateral support.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 516 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill implements read-only RPC helpers and write tools that sign transactions using a user's XPR private key — this capability matches the described mint/redeem functionality. However, the skill.json manifest declares no required env vars (requires.env is empty) while src/index.ts clearly expects XPR_PRIVATE_KEY, XPR_ACCOUNT, and XPR_PERMISSION. The absence of declared credentials in the manifest is inconsistent and surprising for users.
Instruction Scope
SKILL.md documents read-only tools and notes that write tools require confirmation, but it does not document the need to provide a private key/account via environment variables. The code reads process.env.XPR_PRIVATE_KEY and process.env.XPR_ACCOUNT directly for signing; this access to sensitive secrets is not described in the runtime instructions, which is a scope mismatch and a user-notice problem.
Install Mechanism
There is no install spec (instruction-only), which reduces install risk. The runtime code dynamically imports '@proton/js' for signing — a legitimate dependency for EOS/Proton-style transaction signing — but no dependency/install information is declared in the manifest. This may cause runtime failures or hidden dependency pulls if the environment attempts to install packages automatically.
Credentials
The code requires highly sensitive environment variables (XPR_PRIVATE_KEY and XPR_ACCOUNT) for write operations. That is proportionate to the claimed write capability (signing on-chain), but the skill fails to declare these requirements in skill.json and SKILL.md. Not declaring sensitive credentials is a serious transparency issue: a user could unintentionally provide a key without realizing which skill will use it, or fail to realize the risk of granting signing capability.
Persistence & Privilege
The skill is not force-included (always: false) and does not attempt to modify other skills or system-wide settings. Autonomous invocation is enabled by default (disable-model-invocation: false) but this is normal; no elevated permanence or cross-skill modifications are present.
Scan Findings in Context
[process_env_private_key_access] unexpected: src/index.ts reads process.env.XPR_PRIVATE_KEY and process.env.XPR_ACCOUNT to create a signing session. Requesting a private key is expected for on-chain write operations, but the skill manifest does not declare these env vars, so the access is not documented in metadata or SKILL.md.
[dynamic_import_proton_js] expected: The code dynamically imports '@proton/js' to construct a JsonRpc/Api and JsSignatureProvider for signing transactions. This dependency is expected for the described write (mint/redeem) functionality, but the package/dependency is not declared in an install spec or manifest.
What to consider before installing
This skill provides read-only analytics and also supports mint/redeem operations that require signing with your XPR private key. Before installing or enabling write actions:
1) Treat XPR_PRIVATE_KEY as extremely sensitive — only supply it if you fully trust the skill and its author.
2) Ask the maintainer to update skill.json and SKILL.md to explicitly list required env vars (XPR_PRIVATE_KEY, XPR_ACCOUNT, XPR_PERMISSION) and describe when they are used.
3) If you only need read-only data, avoid supplying any private key and use the read tools; consider running the included test-read.mjs in an isolated environment to verify read-only behavior.
4) Prefer using a separate account or a key with limited permissions (if possible) for signing, and review the code locally to confirm there are no unexpected network endpoints or exfiltration logic.
5) If you cannot confirm the origin/trustworthiness of the owner (owner id: kn7fkc3h30sk93cx039q57pqj5812pkc, source unknown), avoid providing credentials and treat the skill as untrusted for write operations.
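The mismatch the scan reports (env vars read in src/index.ts but absent from skill.json's requires.env) can be checked mechanically before granting any key. This is an added example, not ClawHub's scanner or the skill's code; it assumes requires.env is a list of variable names and runs over a constructed source snippet rather than the skill's real src/index.ts:

```typescript
// Added example, not ClawHub's scanner: lists environment variables a skill's source reads
// but its skill.json manifest does not declare, the mismatch the scan above reports.
// The manifest shape (requires.env as a list of names) is an assumption from the scan text.
interface SkillManifest { requires?: { env?: string[] } }

// Collect every env var name read via process.env.NAME, process.env["NAME"]
// or destructuring such as `const { NAME } = process.env`.
function envVarsRead(source: string): string[] {
  const names = new Set<string>();
  const direct = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*["']([A-Za-z_]\w*)["']\s*\])/g;
  const destructure = /\{([^}]*)\}\s*=\s*process\.env\b/g;
  let m: RegExpExecArray | null;
  while ((m = direct.exec(source)) !== null) names.add(m[1] ?? m[2]);
  while ((m = destructure.exec(source)) !== null) {
    for (const part of m[1].split(",")) {
      // `A: alias` and `A = default` both read the variable A
      const name = part.split(":")[0].split("=")[0].trim();
      if (name) names.add(name);
    }
  }
  return Array.from(names).sort();
}

// Names the code reads that the manifest never declares; empty means manifest and code agree.
function undeclaredEnvVars(source: string, manifest: SkillManifest): string[] {
  const declared = new Set(manifest.requires?.env ?? []);
  return envVarsRead(source).filter((n) => !declared.has(n));
}

// Constructed sample mirroring what the scan describes for src/index.ts; not the skill's real code.
const SAMPLE_SOURCE = `
const provider = new JsSignatureProvider([process.env.XPR_PRIVATE_KEY!]);
const actor = process.env["XPR_ACCOUNT"];
const permission = process.env.XPR_PERMISSION ?? "active";
`;
// The manifest as the scan found it (requires.env empty) and as the maintainer should fix it.
const EMPTY_MANIFEST: SkillManifest = { requires: { env: [] } };
const FIXED_MANIFEST: SkillManifest = {
  requires: { env: ["XPR_PRIVATE_KEY", "XPR_ACCOUNT", "XPR_PERMISSION"] },
};
```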

Like a lobster shell, security has layers — review code before you run it.

Current version v0.2.11
latest vk976xj0p9se14hfgvzbf76y4yx81311d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

Metal Dollar (XMD)

You have tools to interact with XMD, XPR Network's native stablecoin. XMD is a multi-collateral stablecoin pegged to $1 USD, minted and redeemed through the xmd.treasury contract.

How XMD Works

  • Mint: Send a supported stablecoin (e.g. XUSDC) to xmd.treasury with memo mint → receive equivalent XMD at oracle price
  • Redeem: Send XMD to xmd.treasury with memo redeem,SYMBOL (e.g. redeem,XUSDC) → receive equivalent stablecoin back
  • 1:1 peg: Oracle-priced at $1, backed by stablecoin reserves in the treasury
  • Zero fees: Currently 0% mint and redemption fees on all collateral types

Supported Collateral

Token    Contract   Oracle Feed  Max Treasury %  Status
XUSDC    xtokens    USDC/USD     60%             Mint + Redeem
XPAX     xtokens    PAX/USD      15%             Mint + Redeem
XPYUSD   xtokens    PYUSD/USD    15%             Mint + Redeem
MPD      mpd.token  MPD/USD      2%              Mint + Redeem

Contracts

  • xmd.token — XMD token contract (precision 6, issuer = xmd.treasury)
  • xmd.treasury — Mint/redeem logic, collateral management, oracle integration
  • oracles — On-chain price feeds from multiple providers

Read-Only Tools (safe, no signing)

  • xmd_get_config — treasury config: paused state, fee account, minimum oracle price threshold
  • xmd_list_collateral — all supported collateral tokens with fees, limits, oracle prices, mint/redeem volumes
  • xmd_get_supply — XMD total circulating supply
  • xmd_get_balance — check any account's XMD balance
  • xmd_get_treasury_reserves — current stablecoin reserves backing XMD, with USD valuations and collateralization ratio
  • xmd_get_oracle_price — current oracle price for any collateral token (with individual provider data)

Write Tools (require confirmed: true)

  • xmd_mint — mint XMD by depositing a supported stablecoin
  • xmd_redeem — redeem XMD for a supported stablecoin

Safety Rules

  • Oracle price must be >= 0.995 (minOraclePrice) for mint/redeem to proceed
  • Each collateral has a maxTreasuryPercent cap — if the treasury already holds too much of one stablecoin, minting with it is blocked
  • Check isMintEnabled / isRedeemEnabled before attempting operations
  • The treasury can be paused by admins (isPaused) — check config first
  • XMD has precision 6 — all amounts use 6 decimal places (e.g. 1.000000 XMD)
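The Safety Rules above, as an added example (not the skill's own tooling) that turns them into a pre-flight check and builds the transfer a mint or redeem would submit. The treasuryPercent field and the eosio.token-style transfer action shape are assumptions, and the collateral state is constructed:

```typescript
// Added example, not the skill's own code: the pre-flight checks SKILL.md's Safety Rules imply,
// plus the transfer memo and quantity format a mint/redeem transfer must carry.
interface TreasuryConfig { isPaused: boolean; minOraclePrice: number }
interface Collateral {
  symbol: string;             // e.g. "XUSDC"
  contract: string;           // token contract, e.g. "xtokens"
  oraclePrice: number;        // USD price from the oracles contract
  maxTreasuryPercent: number; // cap from the collateral table
  treasuryPercent: number;    // assumed field: share of reserves currently held in this token
  isMintEnabled: boolean;
  isRedeemEnabled: boolean;
}
type Op = "mint" | "redeem";

// Every reason the operation would be refused; an empty list means it may proceed.
function blockers(op: Op, cfg: TreasuryConfig, c: Collateral): string[] {
  const out: string[] = [];
  if (cfg.isPaused) out.push("treasury is paused");
  if (c.oraclePrice < cfg.minOraclePrice)
    out.push(`${c.symbol} oracle price ${c.oraclePrice} is below minOraclePrice ${cfg.minOraclePrice}`);
  if (op === "mint" && !c.isMintEnabled) out.push(`mint disabled for ${c.symbol}`);
  if (op === "redeem" && !c.isRedeemEnabled) out.push(`redeem disabled for ${c.symbol}`);
  // The cap limits how much of one stablecoin the treasury holds, so it gates minting only.
  if (op === "mint" && c.treasuryPercent >= c.maxTreasuryPercent)
    out.push(`${c.symbol} is at ${c.treasuryPercent}% of its ${c.maxTreasuryPercent}% cap`);
  return out;
}

// Memo formats from SKILL.md: "mint" for deposits, "redeem,SYMBOL" for redemptions.
function memoFor(op: Op, symbol: string): string {
  return op === "mint" ? "mint" : `redeem,${symbol}`;
}
// Quantity string with the 6-decimal precision SKILL.md specifies, e.g. "1.000000 XMD".
function quantity(amount: number, symbol: string, precision = 6): string {
  return `${amount.toFixed(precision)} ${symbol}`;
}

// Transfer to xmd.treasury: collateral moves via its own contract on mint, XMD via xmd.token
// on redeem (assumption: the eosio.token-style transfer action shape).
function transferAction(op: Op, from: string, amount: number, c: Collateral) {
  const account = op === "mint" ? c.contract : "xmd.token";
  const symbol = op === "mint" ? c.symbol : "XMD";
  const data = { from, to: "xmd.treasury", quantity: quantity(amount, symbol), memo: memoFor(op, c.symbol) };
  return { account, name: "transfer", data };
}

// Constructed sample state, not live chain data.
const CONFIG: TreasuryConfig = { isPaused: false, minOraclePrice: 0.995 };
const XUSDC: Collateral = { symbol: "XUSDC", contract: "xtokens", oraclePrice: 0.9998, maxTreasuryPercent: 60, treasuryPercent: 41.2, isMintEnabled: true, isRedeemEnabled: true };
const MPD: Collateral = { symbol: "MPD", contract: "mpd.token", oraclePrice: 0.9981, maxTreasuryPercent: 2, treasuryPercent: 2.4, isMintEnabled: true, isRedeemEnabled: true };
```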

Files

4 total
