ChaosChain ACE (Phase 0)
v0.1.0
Authorize autonomous x402 API payments with bounded, wallet-funded session keys under strict policy limits in ACE Phase 0 without credit lines.
MIT-0
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name and description claim an agent-side policy for authorizing wallet-funded session-key payments, and the SKILL.md consistently instructs use of the @chaoschain/ace-session-key-sdk. No unrelated environment variables, binaries, or install specs are requested, which is coherent. However, the skill omits any explicit declaration of the credentials (a wallet private key or a managed session-key provider) that are required to actually sign and pay; this is a notable omission rather than an explicit mismatch.
Instruction Scope
The instructions are primarily policy and runtime guidance (schema discovery, spending rationale, strict policy checks) and are scoped to payments. But they include operational commands such as 'Refresh skills' and 'Enable ChaosChain ACE', and an initialization flow that assumes the agent can be enabled and configured and that an invite code may be requested. Critically, the runtime instructions do not explain where signing keys or session keys come from, how they are stored and approved, or how the SDK is initialized with credentials, leaving room for inconsistent or insecure implementations.
Install Mechanism
This is an instruction-only skill with no install spec or code files (lowest disk-write risk). The SKILL.md recommends installing an npm SDK (npm install @chaoschain/ace-session-key-sdk@0.1.x ethers@6), but the registry entry provides neither an install mechanism nor a pinned artifact. The risk is moderate only because the SDK comes from a third-party package; operators should verify the SDK's source and integrity before installing.
Credentials
No environment variables, primary credential, or config paths are declared, yet the skill's purpose (making wallet-funded payments) necessarily requires signing credentials or a session-key provider. The absence of declared credential requirements is disproportionate and ambiguous: implementers might be tempted to store private keys in environment variables or agent secrets, or to prompt users for them ad hoc, any of which could lead to credential exposure or misconfiguration.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes. The initialization step asks to 'Enable ChaosChain ACE' and to 'Refresh skills' before the first payment, which is an operational instruction, not a built-in privilege escalation. No instructions indicate modification of other skills' configs or of system-wide settings.
What to consider before installing
This skill is primarily an agent-side policy template for using a third-party SDK to perform wallet-funded, limited payments. Before installing or enabling it:
1) Ask how signing keys and session keys are supplied. The SKILL.md does not declare or describe credential handling; never provide private keys except to a vetted secrets manager or a hardware-backed signer.
2) Verify the source and integrity of the SDK (@chaoschain/ace-session-key-sdk): review the GitHub repo referenced in the metadata, check releases and tags, and audit the package before running npm install.
3) Confirm the operator approval flow (what an 'invite code' is and who issues it) and ensure the agent will require explicit user confirmation for payments above safe thresholds.
4) Test in a sandbox with tiny amounts and a strict max_per_tx/max_per_day policy before any production use.
5) Prefer session keys with limited scopes and TTLs, enable detailed logging and recording of decisions, and have a revocation and rotation process in place.
The lack of declared credential requirements and the ambiguity around enabling and configuring the skill are the main risks to resolve; clarifying those would increase confidence.
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
A Clawdis
