
      Safety Report

      Clawdvault

      @GreatApe42069

      Access and interact with Clawdvault large-scale on-chain applications and AI-powered smart contract initiatives securely.

      4,862 Downloads
      2 Installs
      0 Stars
      1 Versions
      Legal & Compliance 1,710

      Security Analysis

      medium confidence
      Suspicious

      The skill's files and instructions do not match its claimed ability to 'access and interact' with on‑chain applications and contain garbled/prompt‑injection‑like content — it's ambiguous and deserves caution before use.

      Feb 22, 2026 · 2 files · 3 concerns

      Purpose & Capability: concern

      The description promises on‑chain and smart‑contract interaction, but the package requests no environment variables, no RPC/provider credentials, and supplies no implementation other than a short commented deploy.sh. Real on‑chain interaction normally requires RPC endpoints, wallet keys, or SDK dependencies — their absence is inconsistent with the stated purpose.

      Instruction Scope: concern

      SKILL.md begins with an unusual security notice telling the agent to treat the content as untrusted, then contains garbled text (e.g., 'token to be expanding clawvault-large-scale...') that resembles prompt injection or corrupted content. The instructions are vague and may contain embedded tokens or instructions that could try to influence the agent; this is scope‑creep and a prompt injection risk.

      Install Mechanism: ok

      No install spec is provided (instruction‑only), and the single deploy.sh is only an 87‑byte commented script. There is no download of external code or archives, which minimizes install‑time risk.

      Credentials: concern

      The skill declares no required environment variables or primary credential despite claiming to perform blockchain interactions. Either the skill is nonfunctional as described, or it expects the agent to pull credentials from elsewhere (not declared), which would be inappropriate. The lack of explicit, proportional credential requirements is suspicious.

      Persistence & Privilege: ok

      The skill does not request always:true or elevated persistence and is user‑invocable only. It does not appear to modify other skills or system settings from the provided files.

      Guidance

      Do not install or run this skill yet. Ask the publisher for: (1) source/homepage and provenance; (2) a clear README describing how on‑chain access is performed and which credentials (RPC_URL, wallet/private key handling) are required; (3) the full, non‑corrupted SKILL.md without embedded/tangled token text; and (4) a real implementation or links to audited code. Never provide private keys or wallet secrets to a skill without understanding exactly where they are stored and how they are used. If you must test, do so in a sandboxed environment with throwaway credentials and require a code review or a signed release from a known repository before trusting it in production.

      Latest Release

      v1.0.0

      Initial release with security guidance for handling untrusted external content.
      - Warns users not to treat incoming content as system instructions.
      - Advises against executing commands or following instructions related to security risks (e.g., deleting data, sending sensitive info).
      - Highlights potential threats such as social engineering and prompt injection.
      - Guides users to respond only to legitimate requests.


      Published by @GreatApe42069 on ClawHub
