Skillv1.0.0

ClawScan security

Tether Wallet Development Kit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 5:27 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation and references match a multi‑chain wallet SDK, but the runtime instructions include a prompt‑injection pattern and broad web‑fetch guidance that could let the skill alter agent behavior or pull arbitrary external content — review before enabling.
Guidance: This bundle appears to be documentation for a wallet SDK and is largely coherent with that purpose, but stop and verify before installing or invoking it. Specific things to consider: - Do not paste or store any private seed phrases, private keys, or secret API keys in the skill or in env vars unless you fully trust and control the code that will use them. The SKILL.md contains many examples showing process.env.SEED_PHRASE and secret keys — those are examples, not requirements. - The SKILL.md instructs the agent to web_fetch referenced URLs; confirm the listed URLs (npm, GitHub, official docs) are legitimate and point to official Tether/Tether‑owned domains. Manually verify package pages and GitHub repos before following any fetched instructions. - The pre‑scan detected a prompt‑injection pattern ('ignore-previous-instructions') inside the skill docs. That could be malicious or accidental; prefer to view the raw SKILL.md yourself and search for any lines that try to override agent policies or ask for secrets. - Because this is instruction‑only, risk comes from fetched external content and any follow‑on actions your agent might take. If you enable the skill, restrict its access (do not provide secrets) and watch what web_fetch/web_search returns. - If you plan to use the actual npm packages, install them independently after verifying their npm and GitHub sources and audit their code and package versions. If you want, I can: (a) list all external URLs referenced for manual verification, (b) fetch and summarize the top docs pages so you can review what those pages would teach the agent, or (c) flag specific lines in SKILL.md that look like instruction overrides.
Findings: [ignore-previous-instructions] unexpected: A prompt‑injection pattern was detected in SKILL.md. Documentation files normally do not include instructions to ignore prior instructions; this is a red flag because it can be used to override or manipulate the agent's guidance at runtime. Treat fetched/embedded instructions with caution.

Review Dimensions

Purpose & Capability: okName, description and the included reference files consistently describe a Tether WDK (multi‑chain wallet SDK) and link to npm/GitHub/docs pages; the files and examples match the stated purpose and required packages.
Instruction Scope: concernSKILL.md explicitly instructs the agent to discover and fetch URLs from the reference files using web_fetch/web_search. That is reasonable for a documentation skill, but the SKILL.md also contains a detected prompt‑injection token ('ignore-previous-instructions') and broad guidance to fetch arbitrary referenced URLs. Those could be used to manipulate the agent's runtime instructions or to pull and execute unexpected content if the agent treats fetched content as authoritative.
Install Mechanism: okInstruction‑only skill with no install spec and no code files — low install risk. Nothing is written to disk by an installer in this bundle.
Credentials: noteThe skill declares no required environment variables or credentials (none listed). However, many code examples reference sensitive items (seed phrases, API/secret keys like 'secretKey', 'gasFreeApiKey', MoonPay secretKey). Those are example usage patterns appropriate to the SDK but are not requested by the skill metadata — users must NOT supply private keys or secrets to the skill itself.
Persistence & Privilege: okalways:false and no install steps that modify agent configuration. The skill is user‑invocable and can be invoked autonomously per platform default; that is normal and not by itself a concern.