Ardi Skill
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Ardi is a coherent web3 minting skill, but it uses wallet authority and includes unpinned remote installation plus unattended mining automation that users should review carefully.
Before installing, inspect or pin the installer, use a dedicated low-balance Base wallet, run quote-only flows before any buy/stake action, and do not enable auto-mine unless you understand how to monitor and stop the background process.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: A user may believe the wallet can only interact with two Ardi contracts, while the code can also support broader financial contract interactions.
The skill's security description presents a narrow contract-scope safety claim. The provided source also shows buy-and-stake flows through DEX routers, ERC20 approvals, veAWP, and AWPAllocator, so the claimed boundary under-discloses the actual signing targets.
Evidence: contract_allowlist: true # Only ArdiNFT + ArdiEpochDraw on Base mainnet (chain id 8453); addresses are compiled into the binary
Recommendation: Update the security description to list all contract targets and transaction types, and require clear user confirmation for each non-minting financial action.
Finding 2: Installing the skill can run remote code that is not necessarily the exact reviewed version.
The bootstrap script fetches and executes an installer from the live main branch, so the installed code can differ from the artifact under review and is not pinned by version or checksum.
Evidence: URL="https://raw.githubusercontent.com/awp-worknet/ardi-skill/main/install.sh" ... INSTALL_DIR="$INSTALL_DIR" sh "$TMP"
Recommendation: Pin installer and binary versions, verify checksums or signatures, and prefer executing the reviewed bundled installer instead of fetching from a moving branch.
Finding 3: Mining activity may continue after setup and may consume gas or submit transactions without the user watching each cycle.
The skill can install a persistent unattended mining process, which is high-impact because the broader skill performs wallet-backed on-chain actions.
Evidence: auto-mine — install (or refresh) the unattended mining daemon ... On systemd hosts a user timer is now running.
Recommendation: Only enable auto-mine on a dedicated wallet/host, document the exact cadence and budgets, and prominently surface the status and stop commands before starting the timer.
Finding 4: A mistaken or over-eager invocation could spend funds, approve tokens, or lock assets.
The buy-and-stake command can perform real swaps, approvals, locks, and stake allocations. This is purpose-aligned for onboarding, and the code describes a quote/confirmation flow, but it is financially sensitive.
Evidence: 1) (optional) ETH → USDC → AWP swap ... 2) approve AWP, deposit into veAWP ... 3) allocate locked stake to the agent
Recommendation: Use quote-only mode first, confirm amounts and lock duration with the user, and avoid `--yes` unless the user explicitly approved the final transaction plan.
Finding 5: If awp-wallet is available and unlocked, the skill can request signatures for financially meaningful actions.
The skill does not claim direct private-key access, but it relies on an unlocked wallet bridge for transaction and typed-data signing.
Evidence: no_direct_key_access: true ... all signing flows through awp-wallet send-tx + sign-typed-data ... session_token_only: false # awp-wallet is unlocked-by-default; no session-token model
Recommendation: Use a separate low-balance agent wallet, review each wallet prompt, and avoid keeping high-value funds in the signing wallet.
