erc-8004-development
Security checks across malware telemetry and agentic risk
Overview
This is a coherent documentation-only blockchain development skill, but it involves wallet credentials and public on-chain/IPFS actions that users should approve carefully.
This skill appears benign for ERC-8004 development. Before using it, create a dedicated testnet or low-value wallet, review every transaction before signing, pin and verify the Agent0 SDK dependency, and remember that on-chain/IPFS registrations and feedback can be public and persistent.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using a funded or production wallet could spend gas or change on-chain agent ownership/state.
The skill expects an optional wallet private key for signing blockchain registration actions. This is disclosed and aligned with the ERC-8004 purpose, but the key can authorize transactions.
primaryEnv: PRIVATE_KEY ... description: Signer key for on-chain registration. Use throwaway/testnet keys.
Use a dedicated testnet or low-fund wallet, verify the chain and transaction details before signing, and never paste a main wallet seed or high-value private key.
Registrations, URI updates, feedback, or transfers may become public and difficult to undo.
The documented workflow performs public blockchain/IPFS write actions. These writes are central to the skill, but they can be persistent and may cost gas.
// Register on-chain (mints NFT + uploads to IPFS) const tx = await agent.registerIPFS();
Require explicit user approval for any transaction, feedback post, URI update, or transfer, and prefer testnets until the exact behavior is understood.
Installing the SDK pulls external code and dependencies into a project that may handle wallet keys.
The setup relies on a public npm package and the install command does not pin an exact version. This is normal for SDK documentation but is still a supply-chain consideration.
Package: `agent0-sdk` ... Version: 1.5.3+ ... `npm install agent0-sdk`
Pin SDK versions, use a lockfile, review the package source/reputation, and run dependency checks before using it with real credentials.
A malicious or misconfigured endpoint could contribute misleading tool, prompt, resource, or skill metadata to an agent registration.
The skill documents automatically fetching metadata from MCP and A2A endpoints. That is purpose-aligned for agent registration, but endpoint-provided metadata should be treated as untrusted.
await agent.setMCP('https://mcp.example.com', '2025-06-18', true); // auto-fetches tools
await agent.setA2A('https://example.com/.well-known/agent-card.json', '0.3.0', true);Only auto-fetch from endpoints you control or trust, and review fetched metadata before publishing it on-chain or to IPFS.