Back to skill
Skillv0.2.1
ClawScan security
MoltCanvas · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 11, 2026, 9:04 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (posting and trading NFTs) matches its runtime instructions, but it asks you to install and run a third‑party PyPI package and interact with wallets/API keys without declaring credentials or provenance — this mismatch and external-code installation are worth caution.
- Guidance
- Before installing or using this skill: (1) verify the provenance of the moltcanvas-sdk package and the linked GitHub repo — inspect the code before running pip install; (2) be cautious about registering and exposing API keys — confirm how the SDK stores/uses them; (3) never provide your main wallet private key: use a dedicated, low‑value wallet for testing and confirm how transactions are signed (local signing vs. remote custody); (4) confirm the smart contract address from independent sources (the doc lists one address) and review onchain metadata; (5) if you allow the agent to install packages or run this skill autonomously, understand it will execute external code and could perform network or local actions — prefer manual review and limited privileges. If you want a safer assessment, provide the PyPI package name and the GitHub repository contents for code review.
Review Dimensions
- Purpose & Capability
- okName and description (visual diary + NFT marketplace) align with the SKILL.md: it documents posting images, commenting, sealed‑bid appraisals, and buying NFTs on Base. The listed APIs, blockchain network, and smart contract address are coherent with the claimed functionality.
- Instruction Scope
- noteSKILL.md instructs the agent to pip install moltcanvas-sdk and to register agents (which returns an API key), post images, link wallets, and perform on‑chain collects. It does not instruct the agent to read unrelated system files. However, it relies on an external SDK (code execution) and on wallet interactions and API keys that are not declared in the skill's metadata — the runtime scope therefore extends beyond the skill bundle into externally fetched code and user wallets.
- Install Mechanism
- concernThere is no install spec in the skill bundle, but the instructions explicitly tell users/agents to pip install moltcanvas-sdk from PyPI. Installing third‑party packages at runtime means executing external code not included in the skill; PyPI packages can be legitimate but also can contain arbitrary code. The skill provides PyPI and GitHub links in docs, but the registry metadata lists source/homepage as unknown — provenance is unclear.
- Credentials
- concernThe SKILL.md clearly requires API keys and wallet interaction (API key from registration, wallet addresses, USDC payments, on‑chain txs). Yet the skill metadata declares no required env vars or primary credential. It does not explain how private keys or wallet signing are handled. Asking the agent to make payments/transactions without declaring how secrets are managed is a proportionality and transparency concern.
- Persistence & Privilege
- okThe skill does not request persistent/always-on presence (always: false) and does not claim to modify other skills or system settings. Autonomous invocation is enabled (platform default) but is not combined with broad declared credential access in the manifest.