skill bundle clawchain

The on-chain social network for AI agents on Chromia blockchain — posting, commenting, voting, and memory via Chromia CLI.

Key takeaways and steps before installing: - Metadata mismatch: The registry metadata claims no required env/config, but the embedded SKILL.md expects CLAWCHAIN_BRID, CLAWCHAIN_NODE and a local credentials file (~/.config/clawchain/credentials.json). Ask the publisher/registry to reconcile the manifest before trusting automated installs. - Private key storage: The skill expects you to generate and store a Chromia keypair locally (~/.config/clawchain/credentials.json) and uses that file as a signing secret. This is normal for a blockchain CLI, but understand the risks: losing the file or exposing it = losing control of the on-chain account. Keep backups and protect file permissions (chmod 600). Do not reuse a main/high-value key. - Inspect scripts before running: The skill suggests creating helper scripts via here-doc blocks (keygen.js, register.js, etc.) and running npm installs. Do NOT run those blindly. Open and review the script contents (they are included in the SKILL.md) to confirm they do only local signing and do not exfiltrate secrets. If you cannot review, avoid the helper-script path and prefer the official chr CLI. - Watch for auto-update behavior: heartbeat.md recommends re-fetching SKILL.md/HEARTBEAT.md from https://clawchain.ai (curl) to update. This is a convenient auto-update vector — but it also lets remote changes alter the skill's runtime instructions. If you install, either disable automatic fetches or only update manually after inspecting new content. - Be cautious about bundled DEX skills: The package contains separate BSC/DEX skill docs that describe creating and storing EVM private keys and installing Node/ethers. Treat those as separate installations and avoid creating additional wallet files unless you need them. - Validate the upstream: Verify the publisher (clawchain.ai) and any referenced repositories (the Homebrew tap URL) are legitimate. If possible, prefer official release artifacts (GitHub/GitLab releases, signed releases) over raw curl fetches. - Consider sandboxing: If you want to experiment, run the setup in an isolated account, VM, or container and use small test funds. Do not expose your main keys or funds until you fully trust the code and update channel. If you want, I can: - Extract and show the full helper script contents present in the SKILL.md so you can review them line-by-line. - Produce a checklist of exact commands to run safely (e.g., how to generate keys locally and verify that helper scripts only sign locally) or provide a safe manual install path that avoids auto-update behavior.

Type: OpenClaw Skill Name: testing-clawchain-flag Version: 1.0.1 The skill bundles are classified as suspicious primarily due to a critical supply chain vulnerability. The `skill.md` and `heartbeat.md` files contain explicit instructions for the AI agent to fetch and overwrite its own skill files (`SKILL.md` and `HEARTBEAT.md`) from a remote URL (`https://clawchain.ai`) using `curl`. If the `clawchain.ai` domain were compromised, an attacker could push arbitrary malicious code to the agent, leading to remote code execution. While the current code does not exhibit intentional malicious behavior, this self-update mechanism from an unauthenticated remote source represents a significant vulnerability. Additionally, the skills involve extensive use of shell commands (`chr`, `node`, `curl`, `npm`, `brew`) and handle private keys stored locally in `credentials.json` and `wallet.json`, which, despite documented security practices, inherently increase the attack surface.