Skill v2.0.2

ClawScan security

OpenFunderse Participant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 7:25 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with a blockchain participant bot, but it asks to store and use a highly sensitive private key, runs code fetched from npm, and mutates global OpenClaw runtime state — review and isolate before use.
Guidance
Before installing:
1) Treat PARTICIPANT_PRIVATE_KEY as highly sensitive: use a dedicated wallet with minimal funds and never reuse admin/treasury keys.
2) Review the npm package source (@wiimdy/openfunderse@2.0.0) before running npx, or install from a vetted artifact in an isolated environment.
3) The installer/bot-init will write envs and wallet files under ~/.openclaw and may restart the OpenClaw gateway: back up ~/.openclaw/openclaw.json first and consider using --no-sync-openclaw-env and --no-restart-openclaw-gateway.
4) Prefer running this skill in a separate VM or container to limit the blast radius.
5) Verify the RELAYER_URL and TRUSTED_RELAYER_HOSTS values, and do not allow plain HTTP relayers unless you understand the network risks.
If you need greater assurance, ask the publisher for the package source or a signed release, and for details about exactly what bot-init writes and where.

Review Dimensions

Purpose & Capability
ok
The declared env vars (RPC_URL, RELAYER_URL, CHAIN_ID, PARTICIPANT_PRIVATE_KEY, PARTICIPANT_ADDRESS, BOT_ID, and submission flags) and the need for node/npm align with a participant that signs and submits allocation claims on a chain. Nothing requested appears unrelated to the stated participant role.
Instruction Scope
note
SKILL.md instructs using npx to install a runtime, optionally generating/rotating a wallet, writing env vars into ~/.openclaw/openclaw.json and wallet backups under ~/.openclaw/workspace/openfunderse/wallets, and restarting the OpenClaw gateway. These actions are within the domain of a participant bot but give the skill broad discretion to mutate global agent state and persist keys to disk, which is important to be aware of.
Install Mechanism
note
Installation is via an npx command that fetches @wiimdy/openfunderse from npm at runtime. Fetching and executing remote npm code is normal for JS tooling but introduces risk: any install-time lifecycle scripts in the package run before you invoke anything deliberately, so the package should be reviewed before it is run in production.
Credentials
note
Required envs are numerous but relevant for wallet-based blockchain interaction. The primary credential is PARTICIPANT_PRIVATE_KEY (highly sensitive); the README explicitly warns about this and recommends a dedicated key. The volume of envs is defensible but increases the attack surface if mismanaged.
Persistence & Privilege
concern
The skill (via install/bot-init) writes private keys and envs into user home paths and triggers an OpenClaw gateway restart, which affects global runtime state and other skills. While this may be required for operation, it is a meaningful privilege that warrants caution (back up the existing openclaw.json, use flags to avoid auto-sync/restart, or run in an isolated environment).