by 安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This skill provides read-only analytics and also supports mint/redeem operations that require signing with your XPR private key. Before installing or enabling write actions: 1) Treat XPR_PRIVATE_KEY as extremely sensitive — only supply it if you fully trust the skill and its author. 2) Ask the maintainer to update skill.json and SKILL.md to explicitly list required env vars (XPR_PRIVATE_KEY, XPR_ACCOUNT, XPR_PERMISSION) and describe when they are used. 3) If you only need read-only data, avoid s...详细分析 ▾
⚠ 用途与能力
The skill implements read-only RPC helpers and write tools that sign transactions using a user's XPR private key — this capability matches the described mint/redeem functionality. However, the skill.json manifest declares no required env vars (requires.env is empty) while src/index.ts clearly expects XPR_PRIVATE_KEY, XPR_ACCOUNT, and XPR_PERMISSION. The absence of declared credentials in the manifest is inconsistent and surprising for users.
⚠ 指令范围
SKILL.md documents read-only tools and notes that write tools require confirmation, but it does not document the need to provide a private key/account via environment variables. The code reads process.env.XPR_PRIVATE_KEY and process.env.XPR_ACCOUNT directly for signing; this access to sensitive secrets is not described in the runtime instructions, which is scope mismatch and a user-notice problem.
ℹ 安装机制
There is no install spec (instruction-only), which reduces install risk. The runtime code dynamically imports '@proton/js' for signing — a legitimate dependency for EOS/Proton-style transaction signing — but no dependency/install information is declared in the manifest. This may cause runtime failures or hidden dependency pulls if the environment attempts to install packages automatically.
⚠ 凭证需求
The code requires highly sensitive environment variables (XPR_PRIVATE_KEY and XPR_ACCOUNT) for write operations. That is proportionate to the claimed write capability (signing on-chain), but the skill fails to declare these requirements in skill.json and SKILL.md. Not declaring sensitive credentials is a serious transparency issue: a user could unintentionally provide a key without realizing which skill will use it, or fail to realize the risk of granting signing capability.
✓ 持久化与权限
The skill is not force-included (always: false) and does not attempt to modify other skills or system-wide settings. Autonomous invocation is enabled by default (disable-model-invocation: false) but this is normal; no elevated permanence or cross-skill modifications are present.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.2.112026/2/14
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install xmd
镜像加速npx clawhub@latest install xmd --registry https://cn.longxiaskill.com✓ 镜像可用