Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tmp.TjV0AQIrmN
v1.0.7
Interact with KNAB/AIMS on-chain vaults across BSC, Polygon, and Base. Use when user asks about AIMS tokens (LOVE, WISH, TIME, SPACE, XYZT, FACE, TAICHI, CHI...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (KNAB/AIMS vault research & operations) match the included JS/TS code and tokens.json which provide RPC endpoints, contract addresses, read-only probes and write methods (deposit/withdraw/refer). Required binaries (node, curl/wget) are reasonable for a JS-based on-chain tool. The presence of functions that accept a private key (Knab constructor) is expected for a client library that can perform transactions.
Instruction Scope
SKILL.md confines the agent to read-only by default, requires explicit human authorization for writes, and points to tokens.json for addresses/RPCs — this matches code behavior. Note: write methods (deposit, withdraw, setInviteCode, acceptInvite, refer) exist in the code; performing them requires supplying wallet credentials to the agent at runtime. The SKILL.md instructs never to persist wallet credentials, but the runtime relies on the agent/human to follow that rule. Also, the skill triggers on many keywords (including financial advice like 'what should I invest in'), which grants it broad activation scope when those keywords appear.
Install Mechanism
No install spec / download step is present (low risk). The bundle includes compiled JS/TS and a tokens.json file so the skill is not purely 'instruction-only' despite metadata saying 'instruction-only' — the code is bundled rather than fetched at install time. There are no external or obfuscated download URLs in the bundle.
Credentials
The skill declares no required environment variables or credentials, which is proportionate for read-only queries. However, to execute writes the code expects a private key or signer (constructor accepts privateKey). That is reasonable but sensitive: the skill does not request environment-stored credentials but will require the user to provide wallet credentials at transaction time. Also the code exposes referral/invite methods (setInviteCode, acceptInvite, refer) — these are coherent with the protocol but mean the skill can participate in referral flows if the user enables writes.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request system-wide privileges, nor does it request to modify other skills. There is no evidence in the provided files of attempts to persist credentials to disk or modify agent config, though the bundle relies on the agent following the SKILL.md rule not to store wallet keys.
Assessment
This skill is a coherent KNAB/AIMS on-chain research and client library: its code and instructions line up with its claims. Before installing, consider:
(1) Read-only mode is default — never provide your private key unless you explicitly want the skill to send a transaction; prefer ephemeral signing (hardware wallet, WalletConnect) rather than handing a raw private key to the agent.
(2) The skill includes referral/invite functions — if you authorize writes you could automatically set referral codes that benefit the operator.
(3) Some pools listed have very small reserves (e.g., 0.4 or 4.6 units) and the README uses aggressive yield language — independently verify contract source on the listed block explorers and do your own risk checks.
(4) The registry metadata claimed 'instruction-only' but the bundle contains compiled JS/TS files — that mismatch is benign but worth noting.
If you plan to allow any write actions, only proceed after manual review of the contract addresses on-chain and using secure signing methods; if you want purely read-only analysis, deny write authorization and avoid giving signing keys.
Like a lobster shell, security has layers — review code before you run it.
latestvk97aen4m7e42w1xrgx22dy4pxx84aak7
Runtime requirements
🔬 Clawdis
Bins: node
Any bin: curl, wget
