Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

POIDH Bounty Bot

v1.0.3

Post bounties and evaluate/accept winning submissions on poidh (pics or it didn't happen) on Arbitrum, Base, or Degen Chain. Use this skill when the user wan...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md clearly requires a PRIVATE_KEY, RPC_URL, and POIDH_CHAIN and lists required binaries (cast, python3) to sign and send transactions and to fetch/evaluate claims. Those requirements are coherent with the stated purpose (creating and accepting Poidh bounties). However, the registry metadata reported earlier (no required env vars / no required binaries) contradicts SKILL.md. That mismatch is notable: either the registry metadata is incomplete or the instructions are out-of-date.
Instruction Scope
Runtime instructions direct the agent to use the user's EOA PRIVATE_KEY to sign transactions (cast send --private-key), query the chain, fetch claim URIs (which can be arbitrary external URLs/IPFS/tweets/pages), and evaluate content via vision. Fetching and evaluating arbitrary external content is expected for this task but expands the attack surface (malicious payloads, tracking URLs). Using the raw private key on the agent and passing it as a CLI argument increases exposure (process lists, logs).
Install Mechanism
This is an instruction-only skill with no install spec or code files, which minimizes file-system risk. SKILL.md does declare required binaries (cast, python3) but the registry claimed none — the inconsistency should be resolved. No downloads or external installers are present.
Credentials
Requesting a full PRIVATE_KEY and RPC_URL is functionally necessary to post/accept on-chain bounties, but it is a high-privilege secret. The skill does not propose safer alternatives (e.g., signing via a hardware wallet, remote signer, or delegated service). Passing the private key on the command line (as shown) can leak it via process listings or logs. The declared registry metadata failing to list these env vars is an additional red flag.
Persistence & Privilege
The skill is not marked always:true and has no install spec that writes persistent binaries or modifies other skills. Autonomous invocation is allowed (the default) and is not, by itself, a new concern; combined with the private-key requirement and the fetching of external content, however, it raises the overall risk.
What to consider before installing
This skill will need your wallet private key and an RPC URL to operate — both are highly sensitive. Before installing or using it: (1) Confirm with the publisher why the registry metadata omitted the PRIVATE_KEY / RPC_URL / binaries listed in SKILL.md. (2) Prefer safer signing: use a dedicated ephemeral EOA with minimal funds, a remote signer, or hardware wallet rather than pasting your main private key. (3) If you must provide a key, avoid passing it on the command line (the examples do); that exposes it to process listings and logs. (4) Test with very small amounts on the target chain and verify the contract addresses and MIN_BOUNTY_AMOUNT on-chain yourself. (5) Be aware the agent will fetch and evaluate arbitrary external URIs attached to claims — those URIs can host malicious content or tracking. If you are uncomfortable with these risks or cannot use a delegated signer, do not install/enable this skill.

Runtime requirements

Environment variables:
- PRIVATE_KEY (required)
- RPC_URL (required)
- POIDH_CHAIN (required)