Skill v1.0.0
ClawScan security
Indigo Analytics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 10:24 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's documentation and runtime instructions are internally consistent with an analytics-only purpose and it requests no credentials or installs, but it comes from an unknown source so standard caution applies.
- Guidance: This skill appears coherent for read-only analytics: it defines MCP tools and example workflows without requesting credentials or installing code. However, the package is documentation-only and the actual data access will depend on platform-provided MCP tool implementations and network calls at runtime. Before installing, verify you trust the skill owner (no homepage provided), confirm how the platform implements get_tvl/get_apr/get_dex_yields (which external APIs they call), and ensure the agent is not allowed to access sensitive host files or secrets. If you need stricter assurance, ask for a published source/homepage or a vetted implementation of the MCP tools, and monitor the agent's outbound network requests when first using the skill.
Review Dimensions
- Purpose & Capability (ok): Name and description match the declared MCP tools and the sub-skill workflows (TVL, protocol stats, APR, DEX yields). There are no unrelated environment variables, binaries, or install steps requested that would be inconsistent with an analytics skill.
- Instruction Scope (note): SKILL.md and sub-skills only instruct the agent to call MCP tools (get_tvl, get_apr_rewards, get_dex_yields, etc.) and to present/compare results. The skill package includes only documentation; it does not include implementations for the MCP tools, so it implicitly relies on the platform to provide those tool endpoints. The declared allowed-tools (Read, Glob, Grep) could permit filesystem reads at runtime, but the instructions in the skill do not direct reading of arbitrary host files or secrets; they appear intended to read the skill’s own docs and call platform MCP tools. Verify the platform's MCP tool implementations and runtime tool scope before trusting results.
- Install Mechanism (ok): Instruction-only skill with no install spec and no downloaded code. Nothing will be written or executed on disk by the skill package itself.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The analytics tasks it describes (DefiLlama, Indigo indexer, DEX APIs) typically require no private credentials for read-only queries, so the absence of secrets is proportionate.
- Persistence & Privilege (ok): always is false and model invocation is permitted (platform default). The skill does not request persistent system-level privileges or attempt to modify other skills or global config.
