DropClaw Store

The skill's requirements and runtime instructions are coherent with its stated purpose (client-side AES-encrypted permanent storage via DropClaw/x402) and it does not ask for unrelated credentials or install steps in the manifest, but there are a few minor gaps to verify before trusting external installs or payment endpoints.

This skill is internally consistent with its claim to provide client-side AES-encrypted permanent storage via dropclaw.cloud. Before using it: (1) Verify the dropclaw.cloud endpoints and the contract address independently (e.g., on-chain explorers). (2) Do not share wallet private keys or mnemonics with the skill or service; payments should be signed locally by your wallet. (3) If you install the mentioned SDKs (npm/pip) or run an MCP node script, review those packages' source and provenance first — the published skill does not include them. (4) Inspect any 'skill file JSON' returned by the service before using it for retrieval (ensure it contains only metadata and not hidden secrets). (5) Treat the encryption key as the single point of access — keep it offline/backed up and never upload it. If you want higher assurance, ask the publisher for the SDK repo links, a reproducible client implementation, or an audit of the client-side crypto flow.