Is skill/near-multi-account-manager safe?
https://clawhub.ai/skill/near-multi-account-manager
The NEAR Multi-Account Manager skill appears to be a legitimate cryptocurrency account management tool with proper encryption and security practices for handling NEAR Protocol accounts. However, it contains concerning development artifacts with hardcoded API keys and external network calls that reduce its trustworthiness.
Findings (4)
MEDIUM Development artifacts with external API calls -20
Multiple JavaScript files (submit_deliverable*.js, check_*.js) contain hardcoded API calls to market.near.ai with an embedded API key, sk_live_iOQS6NKYgLCf8sAcIsjeNpIvsN9ml7fK6CVrfIyPIVs. These appear to be development artifacts for job submission, but they represent unnecessary external connectivity.
LOW Hardcoded API credentials in unused files -10
Development files contain a hardcoded API key that could be a security risk if the external service is compromised. While these files are not executed by the main skill, they represent poor security practices.
LOW Unused external network endpoints -10
The skill contains references to external API endpoints (market.near.ai) that are not part of the core functionality but could potentially be triggered or exploited.
INFO Professional presentation -5
Well-crafted documentation and a professional appearance could potentially be used to build false trust, though no actual malicious content was detected.