Skill v1.0.12
ClawScan security
Monero Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 8:06 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and included helper script are consistent with a local Monero gateway client and do not request unrelated credentials or remote installs; it appears to do what the description says.
- Guidance
- This skill is internally coherent: it expects you to run a local Ripley Gateway and to supply a gateway API key (AGENT_API_KEY). Before installing, verify you trust the skill source and the Ripley Docker images (kyc.rip / GitHub repo), because running a local gateway image gives that code access to your node/wallet. Only set AGENT_API_KEY if the gateway is genuinely under your control (127.0.0.1 is enforced by the helper script). Be aware that using pay-402 will spend real XMR — double-check nonce/address/amounts and transaction logs to avoid duplicate payments. If you need higher assurance, review the GitHub repo and Docker image manifests and run the gateway in an isolated environment first.
Review Dimensions
- Purpose & Capability
- ok: Name/description (manage XMR via Ripley Gateway) match the declared requirements: python3, curl, AGENT_API_KEY, and a local gateway. The single included script and curl examples are appropriate for that purpose.
- Instruction Scope
- ok: SKILL.md instructs the agent to talk only to a local Ripley Gateway (127.0.0.1:38084) or use the included Python helper. The instructions focus on balance, addresses, transfers, and XMR402 payment flows; they do not instruct reading unrelated files or exfiltrating arbitrary data. Note: the skill directs the agent to perform on-chain payments (pay-402), which is within scope but implies financial consequences.
- Install Mechanism
- ok: No install spec (instruction-only) and a small helper script included. No downloads from remote URLs or archive extraction. Declared pip dependency (requests) is reasonable for the helper script.
- Credentials
- ok: Only AGENT_API_KEY is required and is used as the gateway authentication key; that is proportional to the skill's function. The helper script reads only that env var (or an explicit --api-key). No other secrets or unrelated env vars are requested.
- Persistence & Privilege
- ok: Skill is not forced to always-load and uses normal autonomous invocation. It does not request system-wide config changes, nor access to other skills' credentials or config paths.
