Skill v0.1.0
ClawScan security
OpenMM Exchange Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 4:39 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are coherent with its stated purpose (configuring exchange API credentials for OpenMM), but it relies on an npm package you should verify and gives examples that could encourage unsafe secret storage.
- Guidance: This skill is coherent for configuring OpenMM exchange credentials, but take these precautions before installing or using it:
  1. Verify the npm package publisher and inspect the package (or its repository) before installing globally; do not blindly trust a scoped package without checking its source.
  2. Prefer storing keys in a secure secret manager or environment variables rather than embedding them in JSON config files; never commit files containing keys.
  3. Use least-privilege API keys (disable withdrawals, restrict to required permissions, and use IP whitelisting).
  4. For troubleshooting commands that require privileges (e.g., 'sudo ntpdate'), prefer safer, documented time-sync methods for your OS and avoid running privileged commands without understanding them.
  5. Test with low-value accounts/keys first and rotate keys after use.
  If you can provide the package repository or a link to the npm page for @3rd-eye-labs/openmm, I can raise or lower my confidence and re-evaluate the install risk.
Review Dimensions
- Purpose & Capability (ok): Name/description (OpenMM exchange setup) aligns with the required binary 'openmm' and the npm install of @3rd-eye-labs/openmm, which provides that binary. Required env vars and CLI commands in SKILL.md are appropriate for configuring exchange API keys.
- Instruction Scope (note): The SKILL.md stays within the setup/troubleshooting scope (creating keys, exporting env vars, testing balance/ticker calls). However, it includes an example that embeds API keys directly in an MCP client JSON (risk of accidental commit/exposure) and recommends running system commands like 'sudo ntpdate' (a privileged action) without guidance on safer alternatives. The instructions do not request unrelated files or credentials.
- Install Mechanism (note): Install uses an npm scoped package (@3rd-eye-labs/openmm) that creates an 'openmm' binary. npm installs are a common, traceable choice but carry moderate risk because package contents and publisher trust matter; there are no code files in the skill to review and no authoritative upstream URL provided in metadata.
- Credentials (ok): The environment variables the skill asks you to set are exactly the exchange API keys/passphrases needed for the supported exchanges. That is proportionate. Caution: the skill's examples show placing secrets in a JSON config, which increases the risk of leakage if the file is committed or shared.
- Persistence & Privilege (ok): The skill does not request elevated privileges, does not set always:true, and asks for no system config paths. No persistent or privileged system changes are requested in the instructions.
