Trustra Escrow
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This escrow skill is coherent and not clearly malicious, but it gives an agent high-impact control over crypto payments and wallet credentials without clear approval limits or safeguards.
Only install or use this skill if you are comfortable giving the agent access to a Trustra-managed wallet and API key for real USDC escrow actions. Do not fund the wallet until you understand who controls signing, how disputes are resolved, and when funds can be released. Require manual approval for every payment, release, withdrawal, cancellation, dispute, and private-key export.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly autonomous agent action could move USDC into escrow or trigger other escrow state changes without an extra human approval checkpoint.
Calling the payment script immediately sends an executing API request using the stored API key. The script does not include an in-command confirmation step, amount preview, or counterparty review before the financial action.
payload = {"execute": True}
response = requests.post(url, json=payload, headers=headers)Require explicit user approval before pay, confirm, cancel, withdraw, dispute, deliver, or key-export actions. Show amount, counterparty, escrow ID, and final effect before execution, and consider disabling autonomous invocation for this skill.
Anyone or any agent with access to the API key or command output could potentially gain control of the wallet and funds.
The skill can use the Trustra API key to request and print the managed wallet private key. That makes the API key a highly privileged wallet credential, not just a service login token.
url = f"{BASE_URL}/wallet/export"
...
print(f"Private Key: {result.get('privateKey')}")Treat the Trustra API key as a wallet-control credential. Store it securely, avoid exporting private keys through agent-visible output, and require strong confirmation or separate authentication for key export.
A user may assume the escrow is fully trustless or self-custodied when the artifacts show reliance on Trustra-operated services and managed wallet credentials.
The skill uses 'trustless' framing while also relying on a managed wallet, Trustra API key, and Trustra dispute resolution. These details are disclosed, but users should understand the actual trust model before funding the wallet.
Trustless USDC escrow for agent-to-agent transactions on Solana. ... If problem: Either party can DISPUTE → Trustra resolves ... Creates a managed wallet + API key stored in `credentials.json`.
Clarify the custody, signing, dispute-resolution, and API-key trust model prominently before users deposit SOL or USDC.
Future installs could use a different dependency version than the one originally tested.
The Python dependency is specified as a minimum version rather than pinned to an exact version. This is common, but for a financial wallet skill it reduces reproducibility of the runtime environment.
requests>=2.28.0
Use a pinned dependency lockfile or exact version for financial tooling, and install only from trusted package indexes.