Skillv1.0.0

ClawScan security

binance square 币安广场 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 4:03 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's functionality (posting to Binance Square) is coherent, but instructions about storing API keys (update the Accounts section in this file) conflict with claims of secure storage and could lead to plaintext credential persistence — this inconsistency is concerning.
Guidance: This skill appears to do what it claims (post text to Binance Square), but it contains a concerning instruction to "update the Accounts section in this file" when a user supplies an API key. Before installing or using it, ask/verify: (1) Will the agent store the API key in plaintext inside SKILL.md or other files? (2) If keys are stored, where and how are they protected (encrypted credential store, platform secret manager, or plain file)? (3) Can you provide an API key scoped only for posting (no trading/withdrawal permissions)? (4) Prefer providing keys via a secure credential manager or ephemeral key; if the skill insists on writing to files, refuse or revoke keys after use. If you cannot confirm secure storage, treat the skill as risky and do not share high-privilege keys.

Review Dimensions

Purpose & Capability: noteThe name/description match the instructions and the documented Binance Square API endpoint. It reasonably needs an X-Square-OpenAPI-Key, and the skill's content-optimization behavior fits the stated purpose. Minor note: no env vars or primary credential are declared even though the skill requires an API key provided interactively.
Instruction Scope: concernMost runtime instructions are appropriate (prompt for API key, polish content, call Binance API, return URL). However, SKILL.md explicitly instructs the agent to "Store provided keys: When user provides a new key, update the Accounts section in this file" — that directs the agent to write credentials or account records into the skill file bundle, which risks persisting secrets in plaintext or editable skill files. The docs also say keys should not be fully displayed, but do not clearly say whether full keys may be written to disk. This is an inconsistent and risky instruction.
Install Mechanism: okInstruction-only skill with no install spec and no code files — lowest installation risk.
Credentials: concernThe only secret needed is the Square API key, which is proportionate. But the skill does not declare any required env vars or a primary credential despite depending on an API key, and it instructs storing account info inside the SKILL.md file. That storage instruction is disproportionate and could expose a secret unnecessarily.
Persistence & Privilege: concernalways:false and no system-wide changes are requested, which is appropriate. However, the skill's instruction to update the Accounts section of its own SKILL.md implies writing persistent data into the skill files. While writing its own config can be acceptable, storing secrets in repo/skill files is a privileged action with notable risk and should be clarified or avoided.