Skill v1.0.0
ClawScan security
portfolio tracking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 9:00 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (local data storage and local CLI scripts) but its documentation claims 'no data is sent to any server' while the shipped scripts call external services (Binance, CoinGecko/Yahoo, and hard-coded RPC providers), and API keys are stored plaintext in ~/.portfolio-tracker — this mismatch and privacy leakage risk warrant caution.
- Guidance: This skill largely matches its stated purpose — local CLI scripts that read/write ~/.portfolio-tracker — but there are important caveats you should consider before installing:
  - The code performs network calls. Syncing requires contacting Binance (using the API key/secret you provide), IBKR, price providers (CoinGecko/Yahoo), and public EVM RPC endpoints (e.g., eth.llamarpc.com). If you expect complete offline/local operation, that expectation is incorrect.
  - API keys and IBKR tokens are stored unencrypted in ~/.portfolio-tracker/config.json. The skill suggests chmod 600, which helps, but the secret remains plaintext on disk. Use only read-only Binance keys and consider whether you want secrets stored there.
  - Public RPC providers will see wallet addresses you query. If you are privacy-sensitive about addresses queried (e.g., connecting a hot wallet), consider pointing the code to your own RPC node or a privacy-respecting provider.
  - The install step requires running npm install in the scripts folder; that pulls packages from the public npm registry (ethers, etc.). If you want higher assurance, review the package-lock and audit dependencies before installing.
  - If you proceed: review the source files (already included), run in a sandboxed environment if possible, create read-only exchange keys, set tight file permissions on ~/.portfolio-tracker/config.json, and verify/change the hard-coded RPC endpoints if you prefer different providers.
  - If you want, I can: (a) point out exact lines where network calls occur, (b) show how to modify the RPC endpoints to a provider you trust, or (c) produce a secure checklist for creating read-only keys and safely storing them.
Review Dimensions
- Purpose & Capability (concern): The skill's name and description promise a 'local' tracker with data kept under ~/.portfolio-tracker. The code and runtime instructions do persist data there, but the implementation also makes numerous outbound network calls (Binance APIs for account sync, price providers, and hard-coded EVM RPC endpoints such as https://eth.llamarpc.com). The README/SKILL.md claim 'No data is sent to any server' is therefore inaccurate.
- Instruction Scope (concern): SKILL.md instructs the agent to run local scripts (via npx tsx) and to save API credentials into ~/.portfolio-tracker/config.json. The scripts explicitly perform network operations: signed requests to Binance, IBKR Flex Query use, CoinGecko/Yahoo price fetches, and querying public RPC nodes for wallet balances. There are no instructions to read unrelated system files or environment variables, but the instructions understate external communications and the privacy implications of querying third-party RPC endpoints.
- Install Mechanism (note): This is instruction-only (no packaged installer), but SKILL.md requires running npm install in <skill-path>/scripts. The package-lock shows dependencies pulled from npm (ethers, fast-xml-parser, tsx, etc.). Installing via npm is expected for TypeScript scripts, and the sources come from public registries, not arbitrary download URLs. This is a standard but non-trivial footprint (node_modules) to be installed locally.
- Credentials (concern): The skill requests no environment variables but asks users to input sensitive credentials (Binance API key/secret, IBKR token/queryId, wallet addresses), which are stored in plaintext in ~/.portfolio-tracker/config.json. Requesting these secrets is proportional to the functionality, but storing them unencrypted on disk and the README's misleading claim about 'no data sent' are concerning. Additionally, hard-coded RPC endpoints mean wallet addresses and balance queries are visible to those RPC providers.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and only writes to its own local data/config files under ~/.portfolio-tracker. It does not self-enable or persist beyond its own files in an unusual way.
