Skill v1.0.0
ClawScan security
K3 Blockchain Agent Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 19, 2026, 12:47 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions align with a K3 workflow builder for blockchain analysis; it requests no unrelated credentials or installs and is internally consistent.
- Guidance: This skill appears coherent for building K3 blockchain workflows, but it can create workflows that execute on-chain actions or send data externally — which can move real funds or leak data if misconfigured. Before installing or enabling it: (1) Confirm that your team’s K3/MCP integrations are trusted and review their scopes (Telegram bot tokens, email integrations, TheGraph, node providers). (2) Require explicit user confirmation for any workflows that include Write Smart Contract / Token Transfer / Uniswap steps; set spending limits and require manual approval. (3) Test generated workflows on a testnet or with read-only configurations first. (4) Avoid supplying private keys or secrets directly to the skill — attach credentials only via your team's secure MCP integrations. (5) Review audit logs and who can call generateWorkflow/executeWorkflow in your org. If you need higher assurance, ask the skill author for provenance (source/homepage) and a minimal example workflow demonstrating read-only behavior.
- Findings: [no_scan_findings] expected: The package is instruction-only with no code files, so the regex scanner had nothing to analyze. This is expected for a SKILL.md-only skill; manual review of the instructions is the primary signal.
Review Dimensions
- Purpose & Capability (ok): The name/description (K3 blockchain workflow builder) match the SKILL.md: it describes building workflows, calling K3 MCP functions (generateWorkflow, executeWorkflow, etc.), selecting data sources, and deploying workflows. It does not request unrelated binaries, environment variables, or config paths.
- Instruction Scope (note): The instructions stay within the stated domain (discover integrations, choose Read/Write/AI nodes, test, deploy). They explicitly include actions that can have real financial impact (Write Smart Contract, Uniswap trades, Token Transfer) and call for user confirmation and safeguards; this is expected for a workflow builder but worth attention because deployed workflows can execute on-chain actions.
- Install Mechanism (ok): No install spec and no code files — the skill is instruction-only. That is the lowest-risk install mechanism and matches the skill's description.
- Credentials (ok): The skill declares no required environment variables or primary credential. It documents that some MCP integrations (Email, Telegram, TheGraph, CoinGecko, etc.) may need team-side configuration, which is appropriate for its purpose. It does not ask the agent to read unrelated secrets or local config.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. Autonomous model invocation (disable-model-invocation:false) is platform-default; nothing here grants excessive or permanent system-wide privileges. The skill does describe using K3 APIs that require appropriate MCP permissions — those permissions should be reviewed before use.
