Back to skill
Skillv1.0.0
ClawScan security
NexusFIX Development Expert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 12:54 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only C++ FIX development guide whose declared purpose, instructions, and requirements are internally consistent and do not request excessive privileges or credentials.
- Guidance
- This skill is a coherent, instruction-only C++ FIX development guide and does not request credentials or install code. Before using: (1) verify the referenced GitHub repository and its license/contents if you plan to copy code; (2) review any generated network-facing code (connect/send examples) carefully before running against live brokers — test in a sandbox; (3) validate that generated code meets your safety/compliance requirements for trading systems (error handling, authentication, rate limiting); (4) if you need stronger trust, ask the publisher for provenance or a signed release. No immediate technical red flags were found.
Review Dimensions
- Purpose & Capability
- okThe name and description (C++ NexusFIX FIX-protocol guidance) match the SKILL.md content: architecture notes, coding patterns, examples, and verification steps. There are no unrelated required binaries, env vars, or config paths.
- Instruction Scope
- okSKILL.md contains coding guidance, examples, and strict style/constraint rules for generated C++ code. It does not instruct the agent to read local files, access secrets, call external endpoints, or transmit user data. References to skill_view are internal pointers; the GitHub URL is informational only.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only so nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths — appropriate for a documentation/instruction-only coding assistant.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request system-wide persistence or modifications to other skills. It allows normal autonomous invocation (platform default) but that is not a concern given the limited scope and lack of sensitive access.