Skill v0.1.0
ClawScan security
Cavos Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 5:07 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are coherent with a Cavos CLI wrapper for Starknet wallet operations; it is instruction-only and asks the agent to run npx @cavos/cli commands, which matches the described purpose.
- Guidance: This skill is coherent for controlling a Cavos/Starknet wallet via the @cavos/cli, but note: npx will download and execute the @cavos/cli package from npm at runtime, so verify the package name, publisher, and version before running. Do not paste session tokens, private keys, or other secrets into chat; supply them only to the CLI in a secure context. Before sending transfers/approvals, double-check addresses and amounts and consider running simulate/estimate first. If you prefer more control, install @cavos/cli locally from a verified source and run it directly rather than via npx.
Review Dimensions
- Purpose & Capability (ok): Name/description (Cavos CLI for Starknet wallet ops) matches the required binary (npx) and the SKILL.md commands (npx @cavos/cli). There are no unexpected credentials, binaries, or config paths requested.
- Instruction Scope (ok): SKILL.md only instructs running specific Cavos CLI commands (whoami, balance, transfer, execute, etc.) and to use --json. It does not instruct reading unrelated files or environment variables. It does mention importing a session token provided from the Dashboard (expected for auth).
- Install Mechanism (note): No install spec (instruction-only), which is low-risk. However, the runtime commands use npx to fetch and execute @cavos/cli from the npm registry on demand, which implicitly downloads and runs remote code. This is expected for an npx-based CLI but is a material runtime action the user should be aware of.
- Credentials (ok): The skill declares no required env vars or credentials. That aligns with the instructions, which expect an explicit session token to be provided when running session import. There is no hidden request for unrelated secrets or external credentials.
- Persistence & Privilege (ok): always is false and the skill has no install step that modifies system or agent-wide settings. It does not request persistent privileges or modify other skills' configs.
