Skill v1.0.1

ClawScan security

HL Privateer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 16, 2026, 11:12 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (pay-per-call trading endpoints), but using it requires signing on-chain x402 payments (i.e., access to a wallet signing key) while the skill declares no credential requirements, and its examples encourage direct private-key usage. This mismatch, together with the potential for the skill to prompt an agent for secrets, warrants caution.
Guidance
This package is coherent with its advertised function (paid trading endpoints using x402), but be careful before using it: to access most endpoints you must sign x402 payment challenges, which requires a wallet signing key or an external signer. The skill does not declare that credential requirement, and its examples show a raw private key placed directly in code; avoid pasting private keys into an agent or skill. To use it safely: (1) sign with an external wallet or hardware wallet (a WalletConnect session or hardware signer) rather than providing a raw private key to the agent; (2) use an ephemeral wallet funded with only the minimum needed for small test payments; (3) verify the API domain and the facilitator (api.hlprivateer.xyz and facilitator.payai.network) independently before sending funds; (4) never store long-term secrets in agent-visible config; (5) do not let autonomous agents make payments unattended; require manual confirmation for each signing request. If you need stronger assurance, ask the publisher to explicitly declare credential requirements and to provide a safer signing integration (e.g., a redirect to an external wallet signer) instead of examples that embed private keys.

Review Dimensions

Purpose & Capability
ok · The name and description match the provided files: a REST/WebSocket API exposing trading positions, analysis, and copy-trade signals gated by x402 payments. Network access to api.hlprivateer.xyz and the x402 payment flow are consistent with the stated purpose.
Instruction Scope
note · Instructions are narrowly scoped to calling the REST/WebSocket endpoints and performing the x402 pay-per-call flow. However, the docs include explicit code examples that require a private key (privateKeyToAccount('0x<your-private-key>')) and show signing-client code, which may prompt an agent to request or handle sensitive keys. The SKILL.md does not instruct reading unrelated system files, but the payment flow implicitly requires signing capability.
Install Mechanism
ok · No install spec or code is included (instruction-only). Nothing is written to disk by an installer; lowest install risk.
Credentials
concern · The skill does not declare required environment variables or a primary credential, yet its operation requires a wallet or private key capable of signing x402 payments (or an external signer). The package's examples embed private keys in code, a sensitive requirement that is not declared. The signing requirement itself is implied by the stated purpose; the concern is that the skill neither declares how credentials should be provided nor discourages insecure handling.
Persistence & Privilege
ok · The always flag is false, and there is no instruction to modify other skills or system-wide config. The skill does not request permanent platform-level privileges.