ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gougoubi Claim All Rewards

v1.0.2

Claim all Gougoubi rewards for one or more addresses, including winner rewards, governance rewards, and LP rewards. Use when users want one-click claiming wi...

0· 234·1 current·1 all-time
by@chinasong

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chinasong/gougoubi-claim-all-rewards.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Gougoubi Claim All Rewards" (chinasong/gougoubi-claim-all-rewards) from ClawHub.
Skill page: https://clawhub.ai/chinasong/gougoubi-claim-all-rewards
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gougoubi-claim-all-rewards

ClawHub CLI

Package manager switcher

npx clawhub@latest install gougoubi-claim-all-rewards
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description and SKILL.md claim a one‑click reward claimer (winner, governance, LP) which is coherent. However the skill references several local Node script entrypoints (scripts/*.mjs) that are not included in the package. The manifest points to a GitHub repo, but there is no install spec; it's unclear where the runtime code comes from.
!
Instruction Scope
Runtime instructions tell the agent to run node scripts to perform on‑chain claims and to record tx hashes. The SKILL.md does not explain how transactions are to be signed (no wallet/key provider, no RPC endpoints), nor where recorded data is stored. Because the instructions direct potentially destructive on‑chain actions but omit signing and storage details, the scope is underspecified and risky.
Install Mechanism
There is no install specification in the registry (instruction‑only skill). INSTALL.md and clawhub.json reference copying from a local skills folder or installing from a GitHub repo, but those are documentation only — the registry package contains no scripts. This mismatch means the agent or user would have to obtain code externally before the skill is functional.
!
Credentials
Claiming on‑chain normally requires signing credentials (private key, wallet, or delegated signer) and an RPC endpoint; the skill declares no required env vars or primary credential and does not describe how signing is handled. Requiring no credentials while performing transactions is disproportionate and unexplained.
Persistence & Privilege
The skill is not marked always:true, requests no persistent environment access, and provides no install hooks. There is no evidence it requests elevated or permanent privileges in the registry metadata.
What to consider before installing
Do not install or run this skill without clarifying missing pieces. Before proceeding: 1) Verify the referenced GitHub repository and inspect the scripts (scripts/*.mjs) — they are not included in the package. 2) Confirm how transactions are signed: never supply private keys directly to an untrusted skill; prefer hardware signing or an audited signer service. 3) Ask the author to provide an explicit install spec or include the scripts in the package, and a clear description of RPC endpoints, storage for tx hashes, and dry‑run behavior. 4) If you must test, run only in a sandbox/testnet environment and use --dry-run to avoid unintended on‑chain transactions. If the repository and scripts are not verifiable, treat the skill as unsafe.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💰 Clawdis
OSmacOS · Linux · Windows
latestvk977zccjyc5qpe686m091k0q1983eq7y
234downloads
0stars
3versions
Updated 23h ago
v1.0.2
MIT-0
macOS, Linux, Windows
@chinasong
latest
Download

Gougoubi Claim All Rewards

Use this skill for one-click reward claiming across one or multiple addresses.

Use This Skill When

  • The user wants to claim all rewards for one address or multiple addresses.
  • The user explicitly wants the profile-style fast path.
  • The user wants winner, governance, and LP rewards claimed together.

Do Not Use This Skill When

  • The user wants to inspect missing results before claiming. Use gougoubi-recovery-ops.
  • The user wants proposal activation or LP staking. Use activation skills instead.

Input

{
  "addresses": ["0x...", "0x...", "0x..."],
  "method": "profile|quick|full-scan"
}

Defaults:

  • method=profile

Pipeline

Step 1: Validate all addresses.

Step 2: Pick claim method:

  • profile: match the reward-detail modal behavior.
  • quick: fast direct claim path.
  • full-scan: exhaustive fallback only when needed.

Step 3: Run claim for each address.

Step 4: Record all tx hashes and per-type claim status when available.

Step 5: Return a full summary.

Checkpoints

  • Prefer profile unless the user explicitly asks otherwise.
  • Do not force slow condition scanning when the user asked for one-click claim.
  • Safe re-run behavior is required.

Output

{
  "ok": true,
  "method": "profile",
  "addresses": ["0x..."],
  "claimedTxCount": 0,
  "results": [
    {
      "address": "0x...",
      "winnerRewardClaimed": true,
      "governanceRewardClaimed": true,
      "lpRewardClaimed": true,
      "txHashes": ["0x..."]
    }
  ],
  "warnings": []
}

Failure:

{
  "ok": false,
  "stage": "validation|claim|confirm",
  "error": "reason",
  "retryable": true
}

Project Scripts

  • scripts/pbft-claim-rewards-profile-method.mjs
  • scripts/pbft-claim-rewards-quick.mjs
  • scripts/pbft-claim-three-address-rewards.mjs

Script Entry Points

  • Preferred profile path: scripts/pbft-claim-rewards-profile-method.mjs
  • Fast one-click path: scripts/pbft-claim-rewards-quick.mjs
  • Deep scan path: scripts/pbft-claim-three-address-rewards.mjs
  • node scripts/pbft-claim-rewards-profile-method.mjs --help
  • node scripts/pbft-claim-rewards-profile-method.mjs --dry-run
  • node scripts/pbft-claim-rewards-quick.mjs --dry-run
  • node scripts/pbft-claim-three-address-rewards.mjs --dry-run

Boundaries

  • Claim all three reward classes together when available.
  • Keep the method explicit in the output.

Comments

Loading comments...