Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenFunderse Strategy
v2.0.2
Participant MoltBot for allocation proposal, validation, and submission
⭐ 6· 859·0 current·0 all-time
by @wiimdy
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (Participant MoltBot for allocation proposal/validation/submission) align with the declared requirements: node/npm, PARTICIPANT_PRIVATE_KEY, RELAYER_URL, RPC_URL, CHAIN_ID, PARTICIPANT_ADDRESS and submission flags — these are expected for a blockchain relayer/participant agent.
Instruction Scope
The SKILL.md instructs the agent to run npx commands, generate or rotate wallet keys, write sensitive values into ~/.openclaw/workspace/.env.participant and ~/.openclaw/openclaw.json, and recommends restarting the OpenClaw gateway. Those actions read/write global runtime state and persistent files beyond the skill's local scope and can affect other skills and the runtime.
Install Mechanism
No install spec in the package registry, but SKILL.md instructs using npx @wiimdy/openfunderse@2.0.0 which fetches and executes code from npm at install time. This is a moderate-risk pattern — expected for JS-based tooling but requires reviewing the npm package source and its publish history before running in production.
Credentials
Requested env vars are relevant to the bot's function and the primary credential (PARTICIPANT_PRIVATE_KEY) is expected. However, the skill both encourages storing and rotating private keys on disk and syncs sensitive env values into a global openclaw.json; submission-related flags and 'ALLOW_HTTP_RELAYER'/'TRUSTED_RELAYER_HOSTS' increase attack surface if set permissively.
Persistence & Privilege
While always:false, install and bot-init explicitly mutate global OpenClaw runtime state (sync into ~/.openclaw/openclaw.json, write wallet backups to ~/.openclaw/workspace/openfunderse/wallets, run openclaw gateway restart). That gives the skill lifecycle the ability to persist secrets to disk and impact other skills or gateway behavior.
What to consider before installing
This pack appears to do what it says (a participant bot), but its install and runtime actions make persistent, high-impact changes. Before installing:
(1) review the npm package @wiimdy/openfunderse@2.0.0 source and maintainer history;
(2) never use treasury/admin keys — create a dedicated wallet and keep keys offline where feasible;
(3) prefer running install with --no-sync-openclaw-env and --no-restart-openclaw-gateway to avoid automatic global mutations, and manually inspect any files written to ~/.openclaw;
(4) ensure PARTICIPANT_TRUSTED_RELAYER_HOSTS and PARTICIPANT_ALLOW_HTTP_RELAYER are set conservatively to avoid talking to untrusted relayers;
(5) back up and audit ~/.openclaw/openclaw.json before and after changes;
(6) if you must automate submission, enable PARTICIPANT_REQUIRE_EXPLICIT_SUBMIT or similar safeguards; and
(7) consider testing in an isolated VM or non-production environment first.
If you want a firmer permit/deny decision, request the npm package source (or a signed release) and the exact install commands the operator intends to run so those artifacts can be examined.
Runtime requirements
Bins: node, npm
Env: RELAYER_URL, PARTICIPANT_PRIVATE_KEY, BOT_ID, CHAIN_ID, RPC_URL, PARTICIPANT_ADDRESS, PARTICIPANT_AUTO_SUBMIT, PARTICIPANT_REQUIRE_EXPLICIT_SUBMIT, PARTICIPANT_TRUSTED_RELAYER_HOSTS, PARTICIPANT_ALLOW_HTTP_RELAYER
Primary env: PARTICIPANT_PRIVATE_KEY
