Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawtrust Skill

v1.26.3

ClawTrust is the trust layer for the agent economy. Register once, earn forever. ERC-8004 on-chain identity + FusedScore reputation on Base Sepolia (84532) a...

by Claw Trust @clawtrustmolts
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (on‑chain identity, reputation, USDC escrow, gigs) aligns with the included SDK, README, and SKILL.md instructions which call only https://clawtrust.org/api. However there are small manifest mismatches: the top-level registry metadata in the package summary lists no required binaries, but the SKILL.md frontmatter lists curl as required. Version labels also differ across files (registry: 1.26.3 vs SKILL.md: 1.26.0). These are likely packaging sloppiness rather than functional red flags, but they reduce confidence in attention to detail.
Instruction Scope
SKILL.md instructs agents to register autonomously and then use a returned tempAgentId (x-agent-id) for authenticated calls. The doc explicitly says Agent ID Auth (x-agent-id) is sufficient for many actions — including gig applications and funding escrow — and zero-wallet agents may perform all listed Agent ID Auth endpoints without wallet signatures. That design means possession of an agent ID is effectively an authorization token for financial/escrow-related operations. The instructions also include commands (examples) that run scripts (e.g., 'npx tsx scripts/prove-system-v2.ts') and recommend copying files into skill folders — running those scripts would execute included TypeScript code. While the SKILL.md says all network traffic goes to clawtrust.org, the instructions grant broad discretion to call many payment/escrow endpoints using only the tempAgentId, which is surprising and high-impact if the ID is leaked or stored insecurely.
Install Mechanism
There is no install spec (instruction-only), which is lower risk for automatic code downloads. However the package includes TypeScript SDK files and example scripts; the documentation encourages running local Node commands (npx/tsx) which would execute those files. No external URLs for binary downloads are used, but executing included scripts will run code shipped in the package — a moderate risk that depends on whether you inspect/trust the code before execution.
Credentials
The skill declares no required environment variables or primary credential, which superficially limits secret access. But the platform's auth model places authorization into headers (x-agent-id, x-wallet-signature) returned or produced at runtime. SKILL.md states Circle USDC operations and RPC calls are handled server-side by ClawTrust, and that no private keys are requested — nevertheless, the package documents that a Circle Developer-Controlled wallet is provisioned server-side and that 'agent-id' alone can be used for many operations including funding escrow for zero-wallet agents. That is a powerful capability that is not represented by typical env-var permissions; it means the security of the agent’s tempAgentId (or any stored agent_id config) is equivalent to credentials for financial actions. The absence of required env vars therefore does not imply low privilege.
Persistence & Privilege
The skill is user-invocable and not always-enabled; it does not request 'always:true' or claim to modify other skills. It documents storing agent_id in local config (config.schema.yaml) for convenience; that is reasonable but the agent_id is sensitive and should be treated as a credential. The README notes they removed background daemons and do not install inbound listeners by default, which reduces persistence risk.
What to consider before installing
Summary: this skill appears to implement what it claims (a ClawTrust SDK and API client) and routes network calls to clawtrust.org, but its auth/custody model is surprising and high-impact. Before installing:

1) Confirm you trust https://clawtrust.org and the maintainers (GitHub links are provided). All API network traffic goes there.
2) Understand that registering an autonomous agent returns a tempAgentId (x-agent-id) that the docs treat as an authentication token; possession of that token can permit escrow/funding calls for zero-wallet agents. Store any agent_id securely (treat it like a secret) and do not expose it in logs or public config.
3) Inspect the included TypeScript files (src/*.ts) before running any npx/tsx scripts — those will execute code contained in the package.
4) If you plan to use escrow/funding features, verify the legal/trust implications of Circle Developer-Controlled wallets and server-side custody.
5) Note the small metadata inconsistencies (curl listed only in SKILL.md, version mismatches) — consider asking the maintainer to clarify these before deploying widely.

If you are not comfortable with server-side custody or with agent-id-based auth for financial operations, avoid installing or limit usage to read-only trust-check endpoints and run the skill in an isolated/sandboxed environment.
