openclaw agent reputation

This skill is plausible for the stated blockchain reputation purpose, but it has important inconsistencies and missing details you should clarify before installing or providing any secret. What to check/ do before using: - Do NOT export your real mainnet private key into PRIVATE_KEY for this skill. Use a disposable/testnet wallet with minimal funds if you want to try it. - Ask the maintainer: why does the registry metadata list no required env vars while SKILL.md requires PRIVATE_KEY? Where is the authoritative install/implementation (the repo or npm package)? - Verify the referenced GitHub repo and npm package contents yourself. Because the skill is instruction‑only here, the agent would need to implement web3 calls — confirm whether 'clawhub install' will fetch code and inspect that code before running it. - Ask how RPC endpoints are chosen. If the agent uses a public RPC provider, that provider may link your wallet usage to an account. Prefer to run against a local or well‑trusted provider or use a signer service that limits scope. - Prefer hardware wallets, delegated signing, or ephemeral accounts for any keys you provide. If the skill must sign transactions, prefer a signer that allows only intended operations instead of exporting a raw private key. - If you need only read operations (query_identity, get_credit_score), prefer to use a watch‑only address or explicit read‑only RPC calls that do not require PRIVATE_KEY. Given the inconsistency and vagueness about execution and key handling, treat this skill as potentially risky until the above clarifications and code inspection are completed.