Skill v0.1.1

ClawScan security

OpenMM Portfolio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 12:16 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill broadly matches its stated purpose (running the openmm CLI to query exchange balances and market data) but has clear inconsistencies around which credentials are required and how credentials are handled, so you should review it before installing or supplying secrets.

Guidance

This skill appears to be the openmm CLI wrapper it claims to be, but there are a few red flags you should address before installing or providing secrets:

- Metadata inconsistency: the registry lists all four exchange API_KEY variables as required, but the instructions say you only need to configure at least one exchange. Do not assume you must supply every key; verify whether all keys are truly required and why the metadata declares them as such.
- Undeclared secrets: SKILL.md shows additional environment variables (SECRETS and BITGET_PASSPHRASE) that are not declared in metadata. Ask where and how these are used and stored, and whether they are optional.
- Inspect the npm package: the skill installs @3rd-eye-labs/openmm to provide the binary. Before installing, check the package source on the npm registry or its repository to ensure it does not exfiltrate credentials, persist them insecurely, or perform unexpected network calls.
- Use least-privilege keys: supply read-only API keys with limited permissions (no trading/withdraw) and consider using exchange sub-accounts or IP whitelisting while testing.
- Ask for clarification: request that the skill author (a) correct required.env to include any required SECRETS/PASSPHRASE variables or state that they are optional, (b) document exactly where credentials are stored and how they are protected, and (c) provide a link to the npm package source/repo for review.

If you cannot validate these points, avoid providing live API secrets or installing in a production environment.

Review Dimensions

Purpose & Capability
Concern: The skill name/description and the declared required binary (openmm) and npm package (@3rd-eye-labs/openmm) align with a portfolio/market-data tool. However, the registry metadata lists four required API_KEY environment variables (MEXC_API_KEY, GATEIO_API_KEY, BITGET_API_KEY, KRAKEN_API_KEY) while the SKILL.md says 'At least one exchange must be configured'; requiring all four keys in metadata is inconsistent with the stated requirement. This mismatch is unexplained and makes the declared requirements disproportionate to the described purpose.
Instruction Scope
Concern: The runtime instructions are narrowly scoped to running the openmm CLI (balance, orders, ticker, orderbook, etc.), which is expected. But SKILL.md references additional environment variables that are not declared in metadata (e.g., MEXC_SECRET, MEXC_UID, GATEIO_SECRET, BITGET_SECRET, BITGET_PASSPHRASE, KRAKEN_SECRET) and says 'Credentials are set via environment variables and stored locally' without specifying where or how. The instructions therefore access or expect secrets beyond the declared required.env and leave storage behavior vague; both are red flags for credential handling and scope clarity.
Install Mechanism
Note: Install is via an npm package (@3rd-eye-labs/openmm) that provides the openmm binary. This is a common, expected mechanism for providing a CLI. It is a moderate-risk install (third-party npm package); there is no direct download-from-URL or archive extraction. You should verify the npm package's publisher, inspect its source, and confirm it does not perform unexpected network calls or write secrets to unexpected locations.
Credentials
Concern: Requesting exchange API keys is reasonable for a cross-exchange portfolio tool, but the metadata requires four API_KEY variables even though the instructions say only one exchange must be configured. Additionally, SKILL.md expects secrets and a passphrase for some exchanges, but those are not declared in the required.env list. Requiring multiple unrelated credentials up front (or declaring them all as required) is disproportionate and ambiguous; the skill also does not explain permission scope (read-only vs. trading) or where credentials are stored.
Persistence & Privilege
OK: The skill does not request always:true, does not list config paths, and does not claim to modify other skills or system-wide settings. Model invocation is allowed (the default), which is normal for skills and is not by itself a problem. The only persistence hint is SKILL.md's vague statement that credentials are "stored locally," which should be clarified before use.