ClawAudit verdict
superrare-deploy
The skill seems to be a deployment tool for SuperRare Sovereign ERC-721 collections, which appears to be a legitimate and useful tool. No obvious security concerns or malicious behavior are detected.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (1)
Possible hardcoded credential
scripts/deploy-via-bankr.sh ยท prose ยท downgraded ยท API_KEY="$(resolve_bankr_api_key)
Permissions & capabilities
Requires 1 environment variable. (1 sensitive: BANKR_API_KEY). Requires 3 system binaries. (1 elevated: curl).
Is this flag fair?
Thanks โ recorded.