ChaosChain - Agent Trust & Reputation

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent with its stated blockchain reputation purpose, but users should notice the optional wallet private key and on-chain registration capability before enabling it.

Safe for read-only verification use. Before enabling registration, use a dedicated low-balance wallet, keep the private key unset until needed, verify the network is Sepolia unless you intentionally want mainnet, and understand that blockchain transactions are generally irreversible.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you configure a private key, the skill can use that wallet to perform the registration transaction and spend gas.

Why it was flagged

The optional registration flow requires a wallet private key and ETH for gas, which is sensitive account authority even though it is disclosed and purpose-aligned.

Skill content

Requirements:
- `CHAOSCHAIN_PRIVATE_KEY` must be set
- Wallet must have ETH for gas (~0.001 ETH)

Recommendation

Use a dedicated low-balance wallet, prefer Sepolia for testing, and leave `CHAOSCHAIN_PRIVATE_KEY` unset unless you intentionally want to register.

What this means

Accidental registration on the wrong network could create an irreversible blockchain transaction and spend gas.

Why it was flagged

The skill exposes a transaction-submitting command. It is clearly disclosed and defaults to Sepolia, but it is still a high-impact action users should invoke deliberately.

Skill content

⚠️ **WARNING: This command submits an on-chain transaction.**

`/chaoschain register --network mainnet  # Advanced users only`

Recommendation

Confirm the network, wallet, and intent before running `/chaoschain register`, and use explicit user approval for any mainnet registration.

What this means

Installing dependencies pulls code from the Python package ecosystem during setup, which is normal for this kind of skill but carries standard supply-chain risk.

Why it was flagged

The setup script installs external Python packages, and the requirements use broad minimum versions rather than pinned hashes or a lockfile.

Skill content

pip install --quiet --upgrade pip
pip install --quiet -r "$SKILL_DIR/requirements.txt"

Recommendation

Run setup only from a trusted installation, consider pinning dependency versions, and review dependency provenance if using this with a funded wallet.