Openclaw Skill Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Ceaser, but it should be reviewed because it runs an unpinned npm CLI through Bash for high-impact ETH shield/unshield operations.
Install only if you trust Ceaser and the `ceaser-mcp` npm package. Prefer pinning or verifying the package version, start with read-only queries, keep note secrets out of persistent chat/logs, and manually confirm all transaction details before signing or submitting any shield, unshield, or settlement operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Unpinned npm package executed for financial operations
Risk: A compromised or changed npm package could affect commands that help move ETH or handle privacy-note data.
Details: The skill executes the `ceaser-mcp` npm package via npx without pinning a version. Because the runnable package code is not included in the artifacts, the exact code handling financial operations is not reviewable here.
Evidence: npx -y ceaser-mcp <subcommand> [args]
Recommendation: Pin and verify the npm package version before use, prefer a reviewed local install, and run financial operations only in an environment where you trust the package source.
Finding 2: On-chain settlement is a high-impact write action
Risk: If used with the wrong proof, amount, or recipient, funds could be withdrawn to an unintended address, and blockchain transactions are generally irreversible.
Details: The skill documents a direct API call that submits a valid ZK proof on-chain. This is purpose-aligned, but it is a high-impact blockchain write action.
Evidence: Submit ZK proof on-chain (gasless settlement) ... curl -s -X POST "https://ceaser.org/settle"
Recommendation: Require explicit user confirmation before any shield, unshield, or settle operation, and verify the recipient, amount, fee, network, and contract address.
Finding 3: Manual wallet signing still grants transaction authority
Risk: A user who signs the wrong transaction could authorize unintended movement of funds.
Details: The artifacts indicate that wallet signing is manual, which is an important user-control boundary, but signing still grants authority over ETH transactions.
Evidence: "User signs transactions manually (e.g., MetaMask)."
Recommendation: Only sign after checking the wallet prompt carefully, especially chain ID 8453, contract address, amount, recipient, and protocol fee.
Finding 4: Privacy-note material is sensitive
Risk: If private note material is pasted into chat, logs, or reused across tasks, it could reduce privacy or help someone spend or track funds.
Details: The skill handles Ceaser note-management workflows. Privacy notes and related proof/nullifier material can be sensitive even when the behavior is expected for this protocol.
Evidence: shield, unshield, note management, and protocol queries
Recommendation: Treat Ceaser notes and proof-generation inputs as secrets; avoid storing them in persistent agent memory or sharing them outside the intended command.
