Skill v0.3.1

ClawScan security

cifer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:09 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions clearly require a wallet private key and network interactions with an external 'blackbox' service, but the skill metadata does not declare those sensitive environment requirements—this mismatch is a coherence and security concern.
Guidance
This skill appears to be a legitimate integration guide for the cifer-sdk, but it omits declaring that it needs a wallet private key and other config. Before using it: (1) Do NOT paste your wallet private key into a chat or an agent prompt. The SKILL.md expects process.env.PRIVATE_KEY — supply that only from a secure secret manager or a hardware-backed signer. (2) Verify and audit the cifer-sdk npm package and the blackbox endpoint (https://cifer-blackbox.ternoa.dev:3010) yourself—the guide will upload data to that external service for encryption/decryption jobs. (3) Prefer using delegated or ephemeral accounts, vaults, or EIP-1193 adapters (browser/hardware wallets) rather than raw private keys. (4) If you install/run code, pin package versions and run in a sandboxed/dev environment first. (5) Ask the skill author or registry maintainer to update the skill metadata to declare required env vars (e.g., PRIVATE_KEY) and to document secure key-handling recommendations; the current metadata/manifest mismatch is the primary reason this skill is flagged as suspicious.

Review Dimensions

Purpose & Capability
Status: concern
The skill's stated purpose (integrating the cifer-sdk) matches the instructions (initializing the SDK, creating secrets, encrypting/decrypting payloads and files). However, the runtime instructions depend on sensitive credentials (process.env.PRIVATE_KEY) and potentially other config (WalletConnect projectId, custom RPC overrides) that the registry metadata did not declare. That omission is incongruent with the stated purpose, because a wallet private key is a core requirement for the transaction/signing operations the guide describes.
Instruction Scope
Status: concern
SKILL.md directs the agent to create a server-side signer from process.env.PRIVATE_KEY, send transactions, poll enclave 'blackbox' jobs, and read/write local files (readFile/writeFile). Those actions are within the functional scope of the SDK, but the instructions give no guidance on secure handling of the private key (use of vaults/hardware wallets), and they reference env vars and local file access not declared in the skill metadata. The guide also instructs sending encrypted/decrypted payloads to an external endpoint (https://cifer-blackbox.ternoa.dev:3010), which is expected for this integration but requires trusting that service.
Install Mechanism
Status: ok
This is an instruction-only skill with no install spec. The doc rightly suggests npm install cifer-sdk (plus ethers, dotenv), a normal, proportionate dependency set for a Node.js integration. Because there is no automatic install script, nothing is silently downloaded by the platform; the user must run npm themselves.
Credentials
Status: concern
The instructions require a private key (process.env.PRIVATE_KEY) to create/send transactions and to authenticate decrypt jobs. A wallet private key grants full control of the represented account and is high-value sensitive data. The skill metadata lists no required environment variables or primary credential, so the skill both fails to declare and fails to justify requesting this sensitive secret. Other optional config values (WalletConnect projectId, RPC overrides) are also referenced but undeclared.
Persistence & Privilege
Status: ok
The skill is not force-included (always:false) and does not request system-wide configuration changes in the instructions. It does instruct reading and writing files within the user's project (encrypting/decrypting files), which is expected for its purpose. There is no indication the skill will modify other skills' configs or request permanent platform-level privileges.