ClawAudit verdict
aisp
45
๐ Risky
Significant concerns โ only install if you understand the risks
This skill executes real on-chain USDC financial transactions (fund, settle, revokeAndRefund) and brokers live Venice API keys through a marketplace, involving actual crypto wallet signing and escrow operations that carry real financial risk.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
70
security
90
transparency
90
maintenance
Findings (1)
Pattern match critical
Possible hardcoded credential
SKILL.md ยท code ยท apiKey: "vn-scoped-...
Permissions & capabilities
Requires 1 environment variable.
credential_access Is this flag fair?
Thanks โ recorded.