ClawSkill

The skill claims to be 'open-source mining software' with miner scripts bundled inside the package (inspectable in data/). The provided manifest only contains SKILL.md and package.json — no miner scripts or data/ directory are present. Yet SKILL.md instructs the user/agent to run 'pip install clawskill' or 'npm install -g clawskill', meaning the actual miner would be downloaded from external registries at install time. This mismatch between 'bundled' vs 'downloaded' is incoherent for a skill that claims local verifiability.

The runtime instructions tell the agent to execute system package installs (pip/npm) and then run miner commands that attest hardware and periodically send fingerprinting data to a network node. The SKILL.md asserts strong transparency guarantees (local hashes, consent prompts, no external downloads) but the shipped skill lacks the files that would enable those guarantees. The instructions also do not explain wallet key handling or how attestation data is protected — the skill will collect periodic hardware fingerprints and a wallet identifier and send them to a RustChain node, which is significant telemetry even if not 'credentials'.

There is no install specification in the skill bundle, but SKILL.md directs installation from public package registries (PyPI/npm). This creates a moderate-to-high risk because code will be fetched from the network at install time. SKILL.md's repeated claim that 'All miner scripts are bundled inside the package — no external downloads at install time' contradicts the explicit pip/npm install commands, making the install mechanism claims unreliable.

The skill requests no environment variables or special system config paths, which is proportionate on its face. However, it will create files under ~/.clawskill, create a wallet, and periodically transmit hardware fingerprinting telemetry and a wallet name to remote nodes. The lack of declared credentials is not reassuring here because the telemetry and wallet data handling (private keys, backups, storage security) is unspecified.

The skill is not marked always:true and background service is opt-in per SKILL.md, which is reasonable. However, because the instructions can cause the agent to install and run external software and then perform recurring network attestation, autonomous invocation combined with the ability to fetch and install packages increases blast radius. This combination is noteworthy even though autonomous invocation alone is normal.