ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ERC-8004

v0.1.0

Build with ERC-8004 Trustless Agents - on-chain agent identity, reputation, validation, and discovery on EVM chains. Use when registering AI agents on-chain,...

0· 35·0 current·0 all-time
byMisha Kolesnik@tenequm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (ERC-8004 trustless agents) aligns with the SKILL.md and referenced files: contract interfaces, registry addresses, reputation/validation flows, and an Agent0 TypeScript SDK. The examples (registering agents, searching, giving feedback) are coherent with the stated purpose and use expected infrastructure (EVM RPC, IPFS/pinning, npm SDK).
!
Instruction Scope
The SKILL.md contains concrete runtime instructions and code examples that reference environment variables and secrets (process.env.RPC_URL, process.env.PRIVATE_KEY, process.env.PINATA_JWT, filecoinPrivateKey, etc.). The skill bundle itself does not declare these env vars in its metadata; an agent following these instructions will be prompted to access or use those secrets to perform on‑chain registration and IPFS uploads. While those operations are necessary for on‑chain registration, the instructions grant wide discretion to use private keys and external endpoints and lack explicit safety guardrails (e.g., recommending hardware wallet flows or limited-scope credentials).
Install Mechanism
This is instruction-only (no install spec and no code files executed by the platform). The SKILL.md recommends installing an npm package (agent0-sdk) which is expected for the described workflows; the skill itself does not download or execute remote archives. Instruction-only status reduces direct install risk, but following instructions will cause the user/agent to run npm installs and RPC/IPFS network calls.
!
Credentials
The secrets referenced in examples (RPC_URL, PRIVATE_KEY, PINATA_JWT, filecoinPrivateKey, etc.) are proportional to the task of minting NFTs and pinning registration files. However, the skill metadata declares no required env vars, so there is an inconsistency: runtime instructions expect sensitive credentials without the skill advertising or justifying them in its manifest. That gap increases the chance a user or automated agent may inadvertently expose keys to an untrusted skill/context.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request persistent system privileges or modify other skills. There is no install spec that would create long-lived binaries. Autonomous invocation remains possible (platform default), but that alone is not a new red flag here.
What to consider before installing
This skill appears to be legitimate documentation and examples for ERC-8004 / Agent0 usage, but pay attention: the SKILL.md's examples require sensitive credentials (Ethereum RPC URL, a private key for signing transactions, and IPFS pinning JWTs). The package manifest did not declare these env vars, which is an inconsistency you should treat as a caution. Before installing or running any of the examples: - Never paste your main/private wallet key into an untrusted skill or UI. Use a throwaway account or a payer sandbox for testing. Prefer hardware wallets or external signing where possible. - If you must run registration flows, use a read-only RPC for discovery/testing and a separate signing key when actually writing on-chain. - Validate the upstream packages (agent0-sdk) and repository links (check npm package integrity, GitHub repo, commit history, and package versions) before npm install. - For IPFS pinning, prefer a self-hosted node or limited-scope pin service credentials; do not reuse high-privilege tokens. - The skill is instruction-only (no code bundled), which reduces direct installation risk, but following its instructions will perform network calls and may ask for secrets. If you want higher assurance, request the skill author to declare required env vars in the manifest and to document safe signing workflows (e.g., EIP-712 signatures, hardware-wallet flows) or audit the agent0-sdk code yourself. If you want, I can list the exact env vars and calls the SKILL.md references and suggest safer replacements or a minimal safe test plan.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dcd475bm3xgddy1h1nj9ejx845gsh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments