Skill v1.2.3
ClawScan security
Ai Tor v69 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 4:04 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's prose claims broad on-chain, database and 'neutrino' scanning capabilities but provides no declared credentials, concrete tool bindings, or concrete I/O boundaries—this mismatch and the vague, open-ended instructions merit caution.
- Guidance: This skill's documentation promises broad analysis of on-chain data and Supabase plus a vague 'Deep Neutrino Scan' but doesn't list any required credentials or concrete endpoints. Before installing: (1) ask the author to document exactly what external tools/endpoints (SYS_OS // v69) it calls and what credentials—if any—are required; (2) do not expose production API keys or database credentials to the agent; test the skill in a restricted environment first; (3) if you plan to enable it to access on-chain or DB data, provide only least-privilege, time-limited credentials and audit the agent's network activity; and (4) request clarification on what 'scan over the code' means and which file paths the skill may read so you can ensure it won't access unrelated secrets. The shipped code is small and inert, but the SKILL.md is vague and assumes capabilities that are not declared—treat this as potentially risky until clarified.
Review Dimensions
- Purpose & Capability (concern): The name/description promise autonomous on-chain/DAO and Supabase analysis plus a 'Deep Neutrino Scan', but the package declares no environment variables, no required binaries, and no concrete API endpoints. If the skill truly needs DB or Web3 access it would ordinarily request RPC URLs, API keys, or similar; their absence is an unexplained mismatch.
- Instruction Scope (concern): SKILL.md instructs the agent to run a 'Deep Neutrino Scan' over code, to 'scan transparency on-chain' and to act when external tools from 'SYS_OS // v69' are activated. Those instructions are vague and grant broad discretion to read/scan code and external sources without enumerating limits or allowed paths, which could lead to accessing files or secrets outside the skill's stated remit.
- Install Mechanism (ok): No install spec is present (instruction-only), and the included skill.js is a tiny, benign module that returns a canned string. There is no download/extract/install behavior to inspect.
- Credentials (concern): The SKILL.md references Supabase and on-chain scanning and includes a note to not reveal API keys, which implies the skill may operate in contexts where secrets are available—but the manifest lists no required credentials. This mismatch is suspicious because it either assumes access to unrelated credentials or fails to declare what it needs.
- Persistence & Privilege (ok): `always` is false (no forced inclusion) and the skill does not request system-wide config changes or extra privileges. Autonomous invocation is allowed by default but is not combined with other high-privilege requests here.
