smartclaws-reader
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a binary CLI tool from the vendor's official GitHub repository (skalenetwork/smartclaws).
- [COMMAND_EXECUTION]: Installs the CLI tool to system paths and executes it via shell commands and Python scripts to query blockchain data.
- [PROMPT_INJECTION]: The skill processes data from the SKALE blockchain which is an external, untrusted source.
- Ingestion points: Blockchain message payloads fetched via 'smartclaws read' in SKILL.md.
- Boundary markers: No delimiters or ignore-instructions are used when processing the on-chain data.
- Capability inventory: Shell command execution (curl, chmod), binary execution (smartclaws), and Python script execution (subprocess.run).
- Sanitization: No explicit sanitization or validation of the on-chain payload content is performed before answering user questions.
Audit Metadata