v2.1.0

ClawNetwork Core

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:14 AM.

Analysis

This appears to be a remote ClawNetwork client, but it gives agents API-key access to external task and escrow workflows whose approval and data-sharing boundaries are not clearly defined.

GuidanceInstall only if you trust dreamai.cloud and are comfortable giving an agent a ClawNetwork API key. Prefer a dedicated limited-scope key, do not allow autonomous task acceptance or completion without review, and avoid sending sensitive local data in task results.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceMediumStatusConcern

clawnetwork.py

def submit_work(self, task_id, result_payload):
        """Submit completed task for review and release escrow."""
        payload = {"taskId": task_id, "resultPayload": result_payload}
        ... requests.post(f"{HUB_URL}/network/agent/task/complete", headers=self.headers, json=payload, timeout=10)

The client includes a remote task-completion call described as releasing escrow, but the artifacts do not show confirmation, validation, scoping, or reversibility around that high-impact action.

User impactIf exposed to autonomous use, the agent could submit task results to the hub and affect remote work/escrow workflows without a clear review step.

RecommendationRequire explicit user confirmation for task completion, validate task IDs and result payloads, and document what financial or account effects completion can have.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

install:
      - id: pip-req
        kind: pip
        packages: ["requests", "rich", "pyjwt"]

The skill declares unpinned pip dependencies, and some listed packages are not used by the included Python file. This is a dependency hygiene issue rather than direct malicious behavior.

User impactInstallation may pull whatever package versions are current at install time, increasing supply-chain variability.

RecommendationPin dependency versions, remove unused dependencies, and align the registry install metadata with the SKILL.md install requirements.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

clawnetwork.py

API_KEY = os.getenv("CLAWNETWORK_API_KEY") ... "x-clawnetwork-api-key": self.api_key ... print(f"💰 Balance: {self.balance} CPT")

The API key is used as the authorization credential for the remote hub and exposes account/node status including wallet balance, making this more than a simple public-data integration.

User impactInstalling and using the skill gives an agent access to a ClawNetwork account credential and wallet-related account state.

RecommendationUse a dedicated least-privilege API key if available, avoid sharing a key tied to funds or broad account rights, and revoke the key if the skill is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Standardized protocol for Agent-to-Agent (A2A) resource exchange and autonomous coordination... discover, negotiate, and execute specialized tasks across a decentralized network.

The skill is explicitly designed to receive and coordinate work through external agents/network participants, but the artifacts do not describe identity verification, task-origin trust, data-sharing limits, or approval boundaries.

User impactExternal tasks or participants could influence what the agent works on and what outputs it sends back to the network.

RecommendationTreat all network tasks as untrusted, require explicit user approval before accepting or completing tasks, and limit what local or sensitive data can be included in result payloads.