Skill v2.6.0
ClawScan security
KryptoGO Meme Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 20, 2026, 7:46 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and scripts are consistent with a trading agent: it legitimately needs an API key, wallet address, and private key and performs local signing and HTTP calls to the stated backend — but it will store and use your private key and can be configured to execute trades automatically, so review and use a dedicated low-value wallet.
- Guidance: This skill appears internally consistent for automated trading, but it handles highly sensitive secrets and can be configured to execute trades automatically. Before installing:
  1. Review the code yourself or have a trusted reviewer confirm there are no hidden network endpoints.
  2. Use a dedicated low-value wallet (the authors also recommend this) and limit funds there.
  3. Understand that setup.py will write a private key to ~/.openclaw/workspace/.env — protect that file and consider alternative key storage if you prefer.
  4. If you enable cron/autonomous mode, verify cron messages and confirm trade_confirmation settings.
  5. Be aware of runtime pip installs from PyPI (supply-chain risk) and prefer pre-installed vetted packages in controlled environments.
  6. Never paste keys into chat and follow the documented guidance for sourcing .env before running scripts.
- Findings:
  - [subprocess-run] expected: Multiple scripts call subprocess.run to invoke swap.py and other utilities. Expected: external swap execution and cron glue require subprocess invocation.
  - [http-requests_to_wallet-data.kryptogo.app] expected: Scripts make HTTPS calls to wallet-data.kryptogo.app for portfolio, swap build, token-overview, and submit endpoints. This is the declared API backend and is expected.
  - [writes-dotenv] expected: setup.py writes SOLANA_PRIVATE_KEY and SOLANA_WALLET_ADDRESS into ~/.openclaw/workspace/.env and sets 600 permissions. The skill explicitly requested filesystem write permission; this is necessary but sensitive.
  - [runtime-pip-install] expected: setup.py may pip-install 'solders' and 'requests' at runtime. This is declared in the metadata; installing packages from PyPI is typical but carries standard supply-chain considerations.
  - [local-key-use] expected: swap.py uses the SOLANA_PRIVATE_KEY env var to sign transactions locally via the 'solders' library. Local signing is intended and documented; storing the key in .env and loading it into the process environment is how the skill operates.
Review Dimensions
- Purpose & Capability (ok): Name/description (meme-coin analysis + trading) aligns with requested binaries (python3, pip, openclaw), API host (wallet-data.kryptogo.app), and env vars (KRYPTOGO_API_KEY, SOLANA_PRIVATE_KEY, SOLANA_WALLET_ADDRESS). Filesystem writes to ~/.openclaw/workspace/.env and memory/ are justified by setup and journaling. No unrelated credentials or binaries requested.
- Instruction Scope (ok): SKILL.md and included scripts instruct the agent to call the declared API host, source a local .env, run local Python scripts, and write trading journal/memory files. All file reads/writes and network calls are within the trading domain. The only script that reads/writes the .env file is setup.py, matching the documentation. Cron messages and monitoring scripts explicitly limit auto-execution (supervised by default) and warn about autonomous mode.
- Install Mechanism (note): No centralized install spec; the package is instruction+script-based. setup.py will pip-install 'solders' and 'requests' at runtime if missing. Runtime pip installs from PyPI are common but carry moderate supply-chain risk; there are no opaque downloads or external archives in the manifest.
- Credentials (ok): Required env vars (KRYPTOGO_API_KEY, SOLANA_PRIVATE_KEY, SOLANA_WALLET_ADDRESS) are appropriate for an on-chain trading agent that performs local signing. The skill explicitly documents that the private key is stored in ~/.openclaw/workspace/.env and accessed via environment variables. Requested filesystem permissions to write .env and memory/ are proportionate, but storing a private key on disk is sensitive and worth explicit caution.
- Persistence & Privilege (note): always:false (no forced always-on). The skill can be invoked autonomously by default (platform norm) and provides opt-in autonomous-trading cron setups. This is expected for a trading agent, but combined with stored private keys and cron jobs it increases operational risk if misconfigured; the skill's metadata and scripts do provide supervised defaults and trade-confirmation policies.
