8004 Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears purpose-built for TRON/BSC agent registration, but it warrants review because it uses wallet private keys to submit irreversible blockchain transactions while the registry metadata declares no credentials.

Treat this as a real blockchain transaction tool. Use a dedicated wallet with limited funds, start on testnet, verify the listed contract addresses independently, pin/audit npm dependencies, and do not let the agent run register, feedback, or set-uri commands without explicit approval.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

A wallet private key can authorize irreversible TRON/BSC transactions, spend fees, and control on-chain agent identities or reputation actions.

Why it was flagged

The skill needs a blockchain wallet private key for write operations. The registry metadata says there are no required env vars or primary credential, so a high-impact account permission is under-declared at install/review time.

Skill content
Private key configuration (choose one):
  - Environment variable: `TRON_PRIVATE_KEY` or `PRIVATE_KEY`
  - File: `~/.clawdbot/wallets/.deployer_pk`
Recommendation

Declare the credential requirement, use a dedicated low-balance wallet, prefer testnets first, and require explicit approval for every mainnet transaction.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If run with the wrong chain, network, agent ID, or wallet, the user may publish unwanted reputation data and pay blockchain fees.

Why it was flagged

The script submits an on-chain feedback transaction when invoked. This is aligned with the skill purpose, but it is a high-impact tool action and the shown path does not include an additional confirmation prompt.

Skill content
const tx = await client.sendTransaction(
  contract,
  'giveFeedback',
  { feeLimit: 1000000000, value: 0 },
Recommendation

Confirm the target chain, network, contract address, agent ID, and fee exposure before allowing the agent to run write commands.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

A future or compromised dependency version could affect signing or transaction behavior if installed without a lockfile or audit.

Why it was flagged

The skill depends on external npm packages with semver ranges, and the provided manifest does not show a lockfile. This is common for Node blockchain tooling, but it means the code actually installed depends on whichever versions npm resolves at install time.

Skill content
"dependencies": {
  "tronweb": "^6.0.0",
  "ethers": "^6.13.0"
}
Recommendation

Install from a trusted source, use a package lock or pinned versions, and audit dependencies before using a real wallet.