Skillv2.0.0

ClawScan security

Onchor Clawhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 14, 2026, 5:43 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions, minimal requirements (curl), and behaviour match an HTTP-based API marketplace for agents; nothing obviously mismatched or requesting unrelated credentials, but exercise normal caution before installing a third‑party CLI.
Guidance: This skill appears to be what it says: an API marketplace accessible by curl or via an optional onchor npm CLI. Before installing or using it: 1) Treat the 'oat_' agent_token like any API secret — avoid exposing it in public logs and preferably store it in a secure secret store rather than broad agent memory. 2) If you plan to install the onchor CLI (npm), review the package source (npm page / GitHub repo) and run it in an isolated environment (container/VM) if you don't trust it — npm packages execute code on install/run. 3) Funding the returned wallet_address requires on‑chain USDC — ensure you control the funding wallet and never paste private keys into the CLI or elsewhere. 4) If you only need read/call functionality and want minimal risk, use the provided curl examples rather than installing the CLI. 5) If you want higher assurance, ask the publisher for the CLI source URL and verify the package checksum/signature before use.

Review Dimensions

Purpose & Capability: okThe skill describes an API marketplace and provides raw HTTP curl examples that use the documented api.onchor.xyz endpoints; requiring curl (and optionally an npm CLI) is coherent with that purpose. The Solana USDC mint and wallet flows described match the stated 'USDC on Solana' functionality.
Instruction Scope: noteSKILL.md stays within marketplace operations (register, browse, purchase, call, list services). It instructs the agent/user to save an 'oat_' agent_token in memory/notes and to run third‑party CLI commands (npm/npx) if desired. Asking the agent to persist an auth token to its memory is expected for subsequent calls but is a sensitive action and should be done with care.
Install Mechanism: noteThe skill is instruction-only (no install spec). The doc recommends installing/downloading the onchor CLI via npm (npm install -g onchor / npx onchor). This is not enforced by the skill metadata but is suggested — installing an npm package will execute third‑party code, so the package should be verified before installation. No direct downloads/extracts or unknown URLs are embedded in the SKILL.md.
Credentials: okThe skill declares no required env vars or external credentials. Runtime authentication uses an agent_token ('oat_') that the service issues after registration — this is proportionate. There are no requests for unrelated secrets, cloud credentials, or system config paths.
Persistence & Privilege: okalways is false and the skill does not request elevated platform privileges or modify other skills. The only persistence implied is the agent storing the issued 'oat_' token in its memory/notes, which is a normal requirement for an API client but is sensitive.