Skill v1.0.1
ClawScan security
Broadcast Sign Transfer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 6:37 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality (construct, sign locally, and broadcast EVM transfers via OKX) is coherent, but the published metadata claims no required environment variables while the SKILL.md and code require WALLET_PRIVATE_KEY and OKX credentials and the code contains debug logging that may leak sensitive request/signature bodies — these inconsistencies and secret-handling choices warrant caution.
- Guidance: This skill appears to do what it says (build, sign locally, and broadcast EVM transfers via OKX), but there are important caveats before installing:
  - Metadata mismatch: the registry incorrectly lists no required environment variables, yet the SKILL.md and code require WALLET_PRIVATE_KEY and OKX Web3 API credentials. Treat the package as requiring those secrets.
  - Secret handling risk: the documentation suggests storing your private key in ~/.zshrc (plaintext). Avoid doing that for real funds. Prefer ephemeral accounts, hardware wallets, or runtime-injected secrets from a secure secret manager.
  - Debug logging: the code prints timestamps, request bodies, and the OKX signature to stdout — these could leak sensitive data in logs. Review and remove/disable debug prints before using with real credentials.
  - Test safely: if you want to evaluate the skill, use a throwaway wallet with minimal funds and testnet or small-value transactions first. Review the full script to ensure it does not print or transmit the raw private key anywhere; consider running it in an isolated environment.
  Given the inconsistency in metadata and the insecure guidance/logging, do not run this against any wallet holding real funds until you've audited and hardened secret handling.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (sign and broadcast EVM transfers via OKX) legitimately requires a wallet private key and OKX Web3 API credentials. However, the registry metadata reports "Required env vars: none" and "Primary credential: none", which is inconsistent with the SKILL.md and the code. That mismatch is a red flag (metadata does not reflect actual credential requirements).
- Instruction Scope (concern): SKILL.md and the code stick to the transfer flow (nonce, gas, sign, broadcast). However, the documentation explicitly recommends storing the private key in ~/.zshrc (plaintext shell file), and the code's _okx_headers() prints debug lines including timestamp, method, path, body, and computed signature — these instructions/logging increase the risk of accidental secret exposure in logs or shared shell configuration. The runtime instructions also require the user to provide private keys and API secrets via environment variables, which is within scope but sensitive.
- Install Mechanism (ok): No install spec beyond a normal pip dependency suggestion (requests, web3). No remote downloads or installers. The skill is instruction-plus-a-python-script; nothing in the install mechanism is unexpectedly risky.
- Credentials (concern): The set of required environment variables in SKILL.md (WALLET_PRIVATE_KEY, OKX_ACCESS_KEY, OKX_SECRET_KEY, OKX_PASSPHRASE) is appropriate for broadcasting signed transactions via OKX. But the skill registry metadata claims no required env vars — a clear inconsistency. Additionally, the guidance to persist private keys in ~/.zshrc (plaintext) is insecure and disproportionate to safe handling practices; the code's debug prints may expose signatures and request bodies tied to these secrets.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare persistent modifications to other skills or agent configuration. It reads environment variables at runtime (normal for this use case). No elevated platform privileges are requested.
