Coinbase
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The provided artifacts show a no-code crypto risk-governance advice skill, not a trading or wallet-access tool, but users should treat it as unaffiliated educational guidance.
Install only if you want general crypto governance and recordkeeping guidance. Do not treat it as official Coinbase support or regulated tax, legal, or investment advice, and avoid sharing secrets such as seed phrases, private keys, passwords, API keys, or exact wallet identifiers unless truly necessary.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might over-trust the skill as official Coinbase or professional financial guidance when it is only an instruction-only advisory skill from an unknown source.
The skill uses a source-specific, brand-like name in a sensitive crypto-finance context while the registry metadata does not show official provenance. The artifacts do not claim official status or request credentials, so this is a trust/provenance note rather than a concern.
Name: Coinbase ... Source: unknown ... Homepage: none
Treat the skill as unaffiliated educational guidance, verify any custody, tax, or legal decisions with qualified professionals, and do not share private keys, seed phrases, API keys, or unnecessary identifying wallet details.