Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zora NFT Pro

v1.0.0

Generates a Nano Banana style NFT and deploys it to the Zora Network.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md and scripts both require GEMINI_API_KEY, PRIVATE_KEY, and ZORA_RPC_URL which are reasonable for image generation + on-chain deployment, but registry metadata claims no required env vars — a clear inconsistency. The included code claims to upload to IPFS and deploy a Zora contract but contains placeholder values ('ipfs://...', '0x...') and no real upload/contract bytecode, so the implementation does not actually match the claimed end-to-end capability.
Instruction Scope
Instructions explicitly ask for a private wallet key (PRIVATE_KEY) and to perform on-chain contract creation/signing. That is within the stated purpose but is high-risk: the skill has no instructions for safe signing (e.g., external/hardware signing, confirmation prompts, or testnet-only operation). SKILL.md doesn't specify which IPFS/Zora endpoints or how to avoid leaking keys; the instructions give the agent broad ability to sign and send transactions.
Install Mechanism
There is no install spec in the registry (install-type none), yet the package includes requirements.txt listing google-generativeai, web3, and requests. That mismatch means the skill may expect dependencies to be installed but doesn't declare how — increasing operational friction and risk if a runtime environment installs packages without vetting. Dependencies come from public PyPI packages (moderate risk) rather than unknown download URLs.
Credentials
Requesting GEMINI_API_KEY and ZORA_RPC_URL is proportional to the stated functionality. Requesting PRIVATE_KEY is functionally necessary to sign and deploy contracts, but it is extremely sensitive. The registry metadata claiming no required env vars contradicts the code and SKILL.md, which is suspicious and could lead users to unknowingly expose credentials. There are no safeguards (e.g., prompts, warnings, or support for delegated signing) in code or docs.
Persistence & Privilege
always:false, and there is no install spec that modifies the system or other skills. The skill does not request persistent platform-wide privileges. However, since model invocation is allowed (the default), an agent running this skill with a supplied PRIVATE_KEY could autonomously sign transactions, which compounds the concerns above.
What to consider before installing
This skill needs a real wallet private key to sign and send transactions — exposing a private key to any third-party skill is high risk. Before installing:
1) Verify the publisher and source (homepage is missing and metadata owner is opaque).
2) Do not provide a funded mainnet private key; use a throwaway/test wallet or an account with very limited funds and permissions.
3) Inspect and complete the code yourself — the script contains placeholders for IPFS upload and contract bytecode; it is not a finished deployer.
4) Prefer workflows that require external signing (hardware wallet or separate signing service) rather than storing PRIVATE_KEY in environment variables.
5) If you must test: run in an isolated environment, on testnet, and monitor outgoing network requests.
6) Ask the author for an install spec and for proof of the exact contracts/bytecode used and for safe signing patterns before trusting real assets.

Like a lobster shell, security has layers — review code before you run it.

