Back to skill
Skillv1.0.0
ClawScan security
Coinbase · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 7:36 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only advisory skill for institutional-style crypto governance; it requests no credentials, installs nothing, and its instructions align with its stated purpose.
- Guidance
- This skill is an instruction-only advisory tool and appears internally consistent with its stated purpose. Before installing or using: (1) do not share private keys, seed phrases, or any credentials — the skill never needs them; (2) be cautious sharing highly sensitive or identifying portfolio details unless you trust the environment; (3) remember outputs are advisory and may be incomplete or hallucinated — verify governance, tax, and legal recommendations with qualified professionals; (4) note the skill name matches a well-known company but the package appears community-authored—treat it as third-party guidance rather than an official vendor tool.
Review Dimensions
- Purpose & Capability
- okName/description and declared capabilities (custody, risk isolation, tax-aware discipline) match the SKILL.md content. The skill does not request unrelated credentials or binaries.
- Instruction Scope
- okRuntime instructions are limited to parsing user-supplied portfolio/context, assessing governance, identifying fragility, and recommending structure. The SKILL.md does not instruct the agent to read system files, access environment variables, call external endpoints, or execute trades/transfers.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. The kinds of inputs it asks the user to provide (portfolio size, custody locations, etc.) are proportional to its advisory function.
- Persistence & Privilege
- okalways is false and normal agent invocation/autonomy is permitted (platform default). The skill does not request permanent presence or modify other skills/system settings.