Ardi Skill
Pass
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: ardi-skill
Version: 1.0.0
The ardi-skill is a comprehensive toolset for agents to participate in the Ardi 'Agent Ordinals' protocol on the Base mainnet. It includes a Rust-based CLI (ardi-agent) for solving riddles and minting NFTs, and an 'auto-mine' feature that utilizes systemd timers to drive the mining cycle autonomously. While the skill performs high-risk operations—including blockchain transactions, downloading binaries (install.sh), and establishing persistence via systemd—these actions are transparently documented and essential to the stated purpose. Security is prioritized by delegating all cryptographic signing to an external tool (awp-wallet), ensuring the skill never handles private keys directly. No evidence of data exfiltration, credential theft, or malicious intent was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the wallet can only interact with two Ardi contracts, while the code can also support broader financial contract interactions.
This presents a narrow contract-scope safety claim. The provided source also shows buy-and-stake flows through DEX routers, ERC20 approvals, veAWP, and AWPAllocator, so the claimed boundary under-discloses the actual signing targets.
contract_allowlist: true # Only ArdiNFT + ArdiEpochDraw on Base mainnet (chain id 8453); addresses are compiled into the binary
Update the security description to list all contract targets and transaction types, and require clear user confirmation for each non-minting financial action.
Installing the skill can run remote code that was not necessarily the exact reviewed version.
The bootstrap script fetches and executes an installer from the live main branch, so the installed code can differ from the artifact under review and is not pinned by version or checksum.
URL="https://raw.githubusercontent.com/awp-worknet/ardi-skill/main/install.sh" ... INSTALL_DIR="$INSTALL_DIR" sh "$TMP"
Pin installer and binary versions, verify checksums or signatures, and prefer executing the reviewed bundled installer instead of fetching from a moving branch.
Mining activity may continue after setup and may consume gas or submit transactions without the user watching each cycle.
The skill can install a persistent unattended mining process, which is high-impact because the broader skill performs wallet-backed on-chain actions.
auto-mine — install (or refresh) the unattended mining daemon ... On systemd hosts a user timer is now running.
Only enable auto-mine on a dedicated wallet/host, document exact cadence and budgets, and prominently surface the status and stop commands before starting the timer.
A mistaken or over-eager invocation could spend funds, approve tokens, or lock assets.
The command can perform real swaps, approvals, locks, and stake allocations. This is purpose-aligned for onboarding, and the code describes quote/confirmation flow, but it is financially sensitive.
1) (optional) ETH → USDC → AWP swap ... 2) approve AWP, deposit into veAWP ... 3) allocate locked stake to the agent
Use quote-only mode first, confirm amounts and lock duration with the user, and avoid `--yes` unless the user explicitly approved the final transaction plan.
If awp-wallet is available and unlocked, the skill can request signatures for financially meaningful actions.
The skill does not claim direct private-key access, but it relies on an unlocked wallet bridge for transaction and typed-data signing.
no_direct_key_access: true ... all signing flows through awp-wallet send-tx + sign-typed-data ... session_token_only: false # awp-wallet is unlocked-by-default; no session-token model
Use a separate low-balance agent wallet, review each wallet prompt, and avoid keeping high-value funds in the signing wallet.
