ClawAudit verdict
nft
xpr-nft
The skill provides full NFT lifecycle tools for AtomicAssets/AtomicMarket on XPR Network and does not exhibit any malicious or deceptive behavior.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
file_read
Findings (2)
Dynamic import() โ loads module at runtime
src/index.ts ยท prose ยท downgraded ยท import('
Accesses sensitive environment variables
src/index.ts ยท prose ยท downgraded ยท process.env.XPR_PRIVATE_KEY
Permissions & capabilities
No declared permissions โ minimal attack surface.
file_read Is this flag fair?
Thanks โ recorded.