Public
Security checks across malware telemetry and agentic risk
Overview
This NFT mint skill is coherent with its stated purpose, but it asks the agent to use a raw wallet private key and complete paid blockchain transactions without fresh approval.
Review this skill carefully before use. It should not receive a main wallet private key. If you proceed, use a new burner wallet with only the needed funds, verify the payment amount, chain, recipient, typed-data domain, and transaction contents, and require the agent to ask for confirmation before each signature and broadcast.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key is mishandled, exposed, or used with an unexpected transaction, the user could lose funds or assets from the wallet.
A raw EVM private key gives full signing authority for that wallet, not just authority to mint one NFT. The instruction also removes normal per-transaction user approval.
The user will provide their **wallet address** and **private key**. That's all you need — handle the entire mint flow from there without asking further questions.
Do not use a main wallet. If used at all, use a fresh burner wallet funded only with the exact ETH and USDC needed, and require explicit approval before every signature.
The agent could spend USDC and submit an irreversible on-chain transaction after the initial key handoff, even if the returned transaction details are not what the user expected.
The workflow instructs the agent to settle payment and broadcast a blockchain transaction, but the artifact does not require a final user review of the payment details or returned transaction before signing and submitting.
Step 3: Complete (settle payment & get unsigned mint tx) ... The backend settles 1 USDC on-chain first ... Step 4: Sign & broadcast
Require a clear transaction preview and an explicit user confirmation before submitting the payment signature to /complete and before broadcasting the signed mint transaction.
A user may believe the skill is only making simple web requests, while it actually runs local commands and code in a workflow that handles a private key.
The security description understates the actual behavior: the skill tells the agent to run shell commands, execute Node.js scripts, and potentially install a package.
This skill makes only HTTP API calls. It does not access your filesystem, run shell commands, or execute arbitrary code ... use `curl` ... use a **single node script** ... `npm install --prefix /tmp ethers`
Correct the disclosure to state that the skill uses local shell commands, Node.js execution, and npm dependency installation, and explain the security implications clearly.
The local runtime may execute dependency code that was not reviewed as part of the skill package.
The skill may install an unpinned npm package at runtime. This is purpose-aligned for EVM signing, but it is not declared in the install specs and matters because the workflow handles a private key.
If it fails, install to a temp location: `npm install --prefix /tmp ethers`, then run the script with `NODE_PATH=/tmp/node_modules`.
Prefer a pinned, reviewed dependency version and declare the Node/npm requirement in the skill metadata or setup instructions.