ERC-8004 Trustless Agents

Verdict: Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: erc-8004
Version: 1.2.1

The skill is classified as suspicious due to its handling of sensitive private keys and the installation method for a dependency. The `scripts/common.sh` file reads a private key from `$HOME/.clawdbot/wallets/.deployer_pk` or the `PRIVATE_KEY` environment variable, which is then used by other scripts (`feedback.sh`, `register.sh`, `set-uri.sh`) to send blockchain transactions. While necessary for the skill's stated purpose of interacting with Ethereum smart contracts, storing and directly using a private key from a file is a high-risk operation. Additionally, the `SKILL.md` and `README.md` instruct the user to install Foundry (`cast`) via `curl -L https://foundry.paradigm.xyz | bash`, which is a common but inherently risky practice for installing software, as it bypasses package manager integrity checks and executes arbitrary code from a remote source.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill can access a wallet private key from the local environment or filesystem; transaction scripts can then sign actions from that wallet.

Why it was flagged

The shared network loader automatically reads a local Ethereum private key when PRIVATE_KEY is not set. That is high-impact wallet authority, and it is broader than the metadata declaration of no primary credential or required environment variables.

Skill content

local pk_file="$HOME/.clawdbot/wallets/.deployer_pk"
if [[ -f "$pk_file" ]]; then
    export PRIVATE_KEY=$(cat "$pk_file")
...
export WALLET_ADDRESS=$(cast wallet address "$PRIVATE_KEY")

Recommendation

Declare the wallet credential requirement clearly, avoid auto-loading a default private-key file, and separate read-only queries from any code path that requires signing authority.

What this means

If invoked with a funded wallet, the skill can submit real Ethereum transactions and publish agent registration data on-chain.

Why it was flagged

The registration script defaults to mainnet and uses `cast send` to submit a live transaction. This is purpose-aligned, but it can spend gas and create permanent public blockchain records.

Skill content

NETWORK="mainnet"
...
TX_HASH=$(cast send "$IDENTITY_REGISTRY" "register(string)" "$URI" \
        --private-key "$PRIVATE_KEY" \
        --rpc-url "$RPC_URL"

Recommendation

Use a testnet and `--dry-run` first, require explicit user confirmation before mainnet transactions, and use a limited-purpose wallet.

What this means

Users may install and run external tooling outside the skill package before using it.

Why it was flagged

The setup instructions ask the user to run a remote installer and install local command-line dependencies. This is user-directed and relevant to the skill, but it is not represented in the declared requirements.

Skill content

curl -L https://foundry.paradigm.xyz | bash
foundryup

# Install jq
brew install jq

Recommendation

Install dependencies from trusted sources, review installer instructions, and prefer pinned or verified installation methods where possible.