Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ERC-8004 Trustless Agents

v1.2.1

ERC-8004 Trustless Agents - Register, discover, and build reputation for AI agents on Ethereum. Use when registering agents on-chain, querying agent registries, giving/receiving reputation feedback, or interacting with the AI agent trust layer.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill claims to register/query agents on-chain — that legitimately requires an Ethereum private key, RPC access, and optional IPFS pinning credentials. However the registry metadata declares no required env vars or credentials while the SKILL.md and scripts explicitly expect PRIVATE_KEY (or a file at ~/.clawdbot/wallets/.deployer_pk), and PINATA_JWT. The declared metadata is therefore inconsistent with actual needs.
Instruction Scope (flagged)
Runtime instructions and the shipped scripts call external services and perform wallet operations: they invoke 'cast' to read chain state and send signed transactions, optionally upload payloads to Pinata via curl, and read a private key file in the user's home directory. The scripts accept private keys via env or command-line flags (which can leak via process listings) and will sign/send transactions — all expected for an on-chain registration tool but broader in scope than the metadata implies.
Install Mechanism
There is no formal install spec (instruction-only), which is low risk from an installation point of view. SKILL.md suggests running 'curl -L https://foundry.paradigm.xyz | bash' to install 'cast' (Foundry) and 'brew install jq' — these are common but involve executing a remote install script. The package does not download arbitrary archives itself.
Credentials (flagged)
The code requires sensitive secrets (an Ethereum PRIVATE_KEY and optionally PINATA_JWT) and reads a local key file under ~/.clawdbot/wallets/.deployer_pk, yet the skill metadata lists no required env vars or config paths. Requesting a private key is proportionate to on-chain signing, but the omission in metadata and the scripted default key-file path (a nonstandard app-specific path) are unexpected and should be justified by the publisher before use.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request permanent system-wide presence or modify other skills. It does access a private key file in the user's home directory, which is a form of local data access outside the declared config — a noteworthy but not privileged action.
What to consider before installing
This skill appears to implement exactly what it claims (on-chain registration, queries, and reputation feedback), but the package metadata omits the sensitive credentials the scripts actually require. Before using it:

1. Do not paste or pass your long-term private key on the command line; prefer a hardware wallet or an ephemeral key, and avoid -k/PRIVATE_KEY where possible.
2. Inspect the ~/.clawdbot/wallets/.deployer_pk path; don't place long-term keys in plaintext files.
3. Verify the contract addresses and RPC endpoints (e.g., via Etherscan) and the authorship (the homepage is missing).
4. If you need to upload metadata, avoid giving PINATA_JWT to unknown code; upload manually to a trusted pinning service instead.
5. Be cautious running the suggested installers (curl | bash) for 'cast', and only install tools from trusted sources.

The metadata mismatch (declaring no required env vars while the scripts require keys) is a red flag worth clarifying with the skill author before installing.

Like a lobster shell, security has layers — review code before you run it.

