clawmegle staking
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill's stated purpose is consistent with crypto staking, but it requests wallet/API transaction authority and contains raw and autonomous financial transaction flows whose safety boundaries are incomplete.
Treat this as a high-risk financial automation skill. If you use it, use a dedicated wallet with limited funds, verify the contract and calldata yourself, keep Bankr/API permissions tightly scoped, and require manual approval for every stake, unstake, claim, approval, or reward-deposit transaction.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill may give the agent practical authority to move or lock crypto assets and spend gas through Bankr or a private key.
The skill requires credentials that can authorize blockchain transactions, but the registry metadata lists no primary credential and no required environment variables.
One of:
- **Bankr API key** configured at `~/.clawdbot/skills/bankr/config.json`
- **Private key** with ETH for gas on Base
Use a dedicated low-balance wallet/API key, verify scopes in Bankr, and require explicit human approval before any transaction is submitted.
A mistaken or autonomous invocation could approve token spending, stake tokens, or spend gas without the user ever seeing the exact calldata being sent.
The script approves token spending and then submits raw transaction calldata through Bankr with no confirmation gate and no transaction simulation anywhere in the reviewed artifacts.
"$SCRIPT_DIR/bankr.sh" "Approve $STAKING_CONTRACT to spend $AMOUNT CLAWMEGLE on Base"
...
"$SCRIPT_DIR/bankr.sh" "Submit this transaction on Base: {\"to\": \"$STAKING_CONTRACT\", \"data\": \"0xa694fc3a$(printf '%064x' $AMOUNT_WEI)\", \"value\": \"0\", \"chainId\": 8453}"
Add a mandatory confirmation step, show the decoded transaction (target, function, amount, value, chain) before submission, and limit the agent to user-specified amounts and contract addresses.
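The kind of preflight the recommendation asks for, as an added example that is not ClawScan's or the skill's own code: it encodes `stake(uint256)` calldata with arbitrary-precision integers, decodes the transaction object the agent is about to hand to Bankr, and refuses it unless target, chain, value and amount match what the user approved. The contract address and amounts are constructed placeholders. One caveat the script's `printf '%064x'` invites is also checked: bash's printf works on signed 64-bit integers, so any stake above 2**63-1 wei (about 9.22 tokens at 18 decimals) cannot be encoded correctly by the shell expression at all.

```python
# Added example (not part of the ClawScan report or the skill's scripts):
# preflight for the stake(uint256) calldata the skill submits through Bankr.
from dataclasses import dataclass

STAKE_SELECTOR = "a694fc3a"      # stake(uint256), the selector the skill's script uses
BASE_CHAIN_ID = 8453
UINT256_MAX = 2**256 - 1
BASH_PRINTF_MAX = 2**63 - 1       # bash printf '%x' is limited to signed 64-bit values


@dataclass(frozen=True)
class StakeCall:
    """What the user explicitly approved (assumed inputs for the example)."""
    to: str
    chain_id: int
    amount_wei: int


def encode_stake_calldata(amount_wei: int) -> str:
    """ABI-encode stake(uint256): 4-byte selector + 32-byte big-endian amount."""
    if not 0 <= amount_wei <= UINT256_MAX:
        raise ValueError("amount out of uint256 range")
    return "0x" + STAKE_SELECTOR + format(amount_wei, "064x")


def bash_printf_can_encode(amount_wei: int) -> bool:
    """True only when `printf '%064x'` in bash would produce the right digits."""
    return 0 <= amount_wei <= BASH_PRINTF_MAX


def decode_stake_calldata(data: str) -> int:
    """Decode calldata about to be submitted; accept only a well-formed stake(uint256)."""
    hexdata = data[2:] if data.startswith("0x") else data
    if len(hexdata) != 8 + 64 or hexdata[:8].lower() != STAKE_SELECTOR:
        raise ValueError("calldata is not a stake(uint256) call")
    return int(hexdata[8:], 16)


def preflight(tx: dict, expected: StakeCall) -> int:
    """Compare a Bankr-style transaction object against the approved call.
    Returns the decoded amount in wei, or raises ValueError on any mismatch."""
    if int(tx.get("chainId", -1)) != expected.chain_id:
        raise ValueError(f"wrong chain: {tx.get('chainId')} != {expected.chain_id}")
    if str(tx.get("to", "")).lower() != expected.to.lower():
        raise ValueError(f"wrong target: {tx.get('to')}")
    if int(tx.get("value", 0)) != 0:
        raise ValueError("stake() must not carry ETH value")
    amount = decode_stake_calldata(tx["data"])
    if amount != expected.amount_wei:
        raise ValueError(f"amount mismatch: {amount} != {expected.amount_wei}")
    return amount


if __name__ == "__main__":
    # Constructed sample: placeholder contract address, user-approved 12 tokens.
    approved = StakeCall(to="0x" + "ab" * 20, chain_id=BASE_CHAIN_ID, amount_wei=12 * 10**18)
    tx = {"to": approved.to, "data": encode_stake_calldata(approved.amount_wei),
          "value": "0", "chainId": 8453}
    print("decoded amount (wei):", preflight(tx, approved))
    print("bash printf could have encoded it:", bash_printf_can_encode(approved.amount_wei))
```

Run it as the gate between "agent composed a transaction" and "bankr.sh submits it": the decoded amount is what the user should be shown and asked to confirm, and the `bash_printf_can_encode` check is a reason on its own to move the calldata construction out of the shell.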
Reward deposits could call the wrong function, fail after spending gas, or behave unexpectedly if the contract accepts the calldata.
The deposit script hand-builds raw calldata for a payable reward-deposit transaction, and the selector it uses conflicts with the skill's own reference table, which lists depositRewards(uint256) as 0x49bdc2b8.
# depositRewards(uint256) = 0x8bdf67f2
DEPOSIT_DATA="0x8bdf67f2${CLAWMEGLE_HEX}"
Derive the calldata with a trusted ABI tool at runtime, or fix the selector and verify it against the deployed contract before allowing deposits.
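How to settle a selector conflict like this one without trusting either hardcoded value, as an added example that is not ClawScan's or the skill's code: a Solidity selector is the first four bytes of Keccak-256 over the canonical signature, so deriving it with a dependency-free Keccak (original Keccak padding, not the NIST SHA3 variant in `hashlib`) and comparing against the two candidates tells you which, if either, the script should be using. The signature string `depositRewards(uint256)` and both candidate selectors come from the report; whether either matches the deployed contract still has to be checked against its verified ABI.

```python
# Added example (not ClawScan's or the skill's own code): derive 4-byte function
# selectors with a self-contained Keccak-256 and check hardcoded selectors against them.

MASK64 = (1 << 64) - 1
RATE_BYTES = 136  # Keccak-256: 1600-bit state, 512-bit capacity, 1088-bit rate


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK64 if n else v


def _round_constants() -> list:
    """The 24 iota constants, generated with the LFSR from the Keccak reference."""
    rcs, lfsr = [], 1
    for _ in range(24):
        rc = 0
        for j in range(7):
            if lfsr & 1:
                rc ^= 1 << ((1 << j) - 1)
            lfsr = ((lfsr << 1) ^ (0x71 if lfsr & 0x80 else 0)) & 0xFF
        rcs.append(rc)
    return rcs


def _rotation_offsets() -> list:
    """rho offsets r[x][y], from the (x, y) -> (y, 2x+3y) walk in the spec."""
    r = [[0] * 5 for _ in range(5)]
    x, y = 1, 0
    for t in range(24):
        r[x][y] = ((t + 1) * (t + 2) // 2) % 64
        x, y = y, (2 * x + 3 * y) % 5
    return r


RC, ROT = _round_constants(), _rotation_offsets()


def _keccak_f(a: list) -> list:
    """Keccak-f[1600] on a 5x5 lane array a[x][y]."""
    for rnd in range(24):
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]             # theta
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], ROT[x][y])           # rho + pi
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y])
              for y in range(5)] for x in range(5)]                            # chi
        a[0][0] ^= RC[rnd]                                                     # iota
    return a


def keccak256(data: bytes) -> bytes:
    """Keccak-256 with the original pad10*1 (0x01 ... 0x80), as Ethereum uses it."""
    padded = bytearray(data) + b"\x01"
    padded += b"\x00" * (-len(padded) % RATE_BYTES)
    padded[-1] |= 0x80
    state = [[0] * 5 for _ in range(5)]
    for off in range(0, len(padded), RATE_BYTES):
        for i in range(RATE_BYTES // 8):                # lane i lives at x = i % 5, y = i // 5
            state[i % 5][i // 5] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        state = _keccak_f(state)
    return b"".join(state[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


def selector(signature: str) -> str:
    """Solidity function selector: first 4 bytes of keccak256(canonical signature)."""
    return "0x" + keccak256(signature.encode()).hex()[:8]


def check_selector(signature: str, candidates: list) -> dict:
    """Report the derived selector and which hardcoded candidates agree with it."""
    derived = selector(signature)
    return {"derived": derived, "matches": [c for c in candidates if c.lower() == derived]}


if __name__ == "__main__":
    # The two values the report found in conflict for depositRewards(uint256).
    print(check_selector("depositRewards(uint256)", ["0x49bdc2b8", "0x8bdf67f2"]))
    print("stake(uint256):", selector("stake(uint256)"))   # the staking script's selector
```

An empty `matches` list means neither the script nor the reference table is right for that signature, which is exactly the case where a deposit can burn gas on a revert or, worse, hit a fallback the contract happens to accept.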
If an agent or user passes a crafted amount string, it may execute unintended local Python code under the user's account.
User-supplied amount arguments are interpolated directly into Python source inside a single-quoted string literal, with no numeric validation, so a crafted value can close the literal and alter the Python expression that is executed.
ETH_WEI=$(python3 -c "print(int(float('$ETH_AMOUNT') * 10**18))")
CLAWMEGLE_WEI=$(python3 -c "print(int(float('$CLAWMEGLE_AMOUNT') * 10**18))")
Validate amounts with a strict numeric regex and pass values to Python through argv or environment variables rather than embedding them in code.
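The interpolation pattern beside a hardened replacement, as an added example that is not ClawScan's or the skill's code. `vulnerable_command` reconstructs the `-c` source the skill's shell line would produce for a given amount string; `to_wei` is the replacement, meant to be invoked as `python3 to_wei.py "$CLAWMEGLE_AMOUNT"` so the amount arrives through argv and never touches source text. It also fixes a second defect in the original expression that the finding does not mention: `float()` loses precision past about 15 significant digits, so an 18-decimal amount converted through it can come out a few hundred wei off. The amount strings used are constructed test inputs.

```python
# Added example (not from the ClawScan report or the skill): the unsafe
# shell-to-Python interpolation next to a strict, exact amount-to-wei converter.
import re
import sys

DECIMALS = 18
# Unsigned decimal only: 1-20 integer digits, optional fraction of 1-18 digits.
# No sign, exponent, whitespace, quotes or other characters.
AMOUNT_RE = re.compile(r"[0-9]{1,20}(\.[0-9]{1,18})?")

# What the skill effectively runs:  python3 -c "print(int(float('$AMOUNT') * 10**18))"
VULNERABLE_TEMPLATE = "print(int(float('{amount}') * 10**18))"


def vulnerable_command(amount: str) -> str:
    """The Python source the skill's shell line hands to `python3 -c` for this amount."""
    return VULNERABLE_TEMPLATE.format(amount=amount)


def breaks_out_of_literal(amount: str) -> bool:
    """True when the interpolated value would terminate the single-quoted literal."""
    return "'" in amount or "\\" in amount or "\n" in amount


def float_path_wei(amount: str) -> int:
    """The original conversion, kept only to show its rounding (not for use)."""
    return int(float(amount) * 10**DECIMALS)


def to_wei(amount: str) -> int:
    """Validate with a strict regex, then convert with integer arithmetic (exact)."""
    if not AMOUNT_RE.fullmatch(amount):
        raise ValueError(f"invalid amount: {amount!r}")
    whole, _, frac = amount.partition(".")
    wei = int(whole) * 10**DECIMALS + int(frac.ljust(DECIMALS, "0") or "0")
    if wei <= 0:
        raise ValueError("amount must be positive")
    return wei


if __name__ == "__main__":
    # Constructed injection payload: closes the literal and appends a call.
    payload = "1') or __import__('os').system('id') or ('0"
    print("shell would run:", vulnerable_command(payload))
    print("payload escapes the literal:", breaks_out_of_literal(payload))
    # Hardened path: amount comes from argv, so it is data, never code.
    arg = sys.argv[1] if len(sys.argv) > 1 else "1.23456789012345678"
    print("exact wei:", to_wei(arg), "  float path:", float_path_wei(arg))
```

The regex is deliberately narrower than what Python's `float()` accepts: `1e3`, `-1`, `inf`, ` 1` and `1.` are all rejected, which is what you want for a value that is about to become an irreversible on-chain amount.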
The agent may keep monitoring and claiming rewards on a schedule, which can spend gas and change wallet state.
The skill documents a recurring autonomous routine that may claim rewards and write staking state if included in an agent heartbeat.
## Periodic Check (every 1-2 hours)
...
IF pending_eth > 0.001 ETH OR pending_clawmegle > 100:
  → Claim rewards
  → Update state file
  → Log to daily journal
Only enable the heartbeat with explicit thresholds, a dedicated wallet, and a requirement that the user approve transactions.
Users may over-trust a financial contract or staking workflow that has not been substantiated by the artifacts provided for review.
The skill makes strong safety claims while also marking the contract as deployment pending and providing no contract source or audit artifact in the supplied files.
| **Contract** | `0x56e687aE55c892cd66018779c416066bc2F5fCf4` (deployment pending) |
...
- **No admin keys** - Contract cannot be drained
- **Audited patterns** - Uses OpenZeppelin + MasterChef accumulator
Verify the deployed contract source, ownership/admin controls, and audit status independently before staking or depositing rewards.
