Skill v0.1.0
ClawScan security
Trading Signal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 3:19 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (fetching public on‑chain 'smart money' signals) matches what its instructions ask the agent to do — make POST requests to a public Binance Web3 endpoint — and it does not request extra credentials, installs, or filesystem access.
- Guidance: This skill appears internally consistent: it tells the agent to call a public Binance Web3 endpoint and parse results, and it asks for no secrets or installs. Before installing, consider: 1) Verify the API endpoint is official (check Binance Web3 docs or the publisher) — the SKILL.md claims author 'binance-web3-team' but the registry source/homepage are absent, so the author string could be copy‑pasted. 2) Understand that every invocation will make network requests to the external URL (your agent’s IP and request metadata may be visible to that endpoint). 3) Ask for the full/untruncated SKILL.md or a publisher homepage if you want to confirm there are no additional instructions not shown. If you need absolute assurance, prefer skills published by known/trusted owners or with a verifiable homepage/documentation.
Review Dimensions
- Purpose & Capability (ok): Name/description (retrieve smart‑money trading signals) aligns with the runtime instructions (POST to a Binance Web3 public API and parse response). There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope (note): SKILL.md instructs only to call a single public API endpoint and interpret the returned JSON fields. It does not ask the agent to read files, access secrets, or exfiltrate data. Minor documentation issues: the SKILL.md is truncated in the provided excerpt and contains a small inconsistency about chainId values (mentions both numeric '56' and 'CT_501' for different chains) — not a security problem but worth validating.
- Install Mechanism (ok): No install spec and no code files — instruction‑only skill. This is the lowest risk install model; nothing will be written to disk by the skill itself.
- Credentials (ok): Skill requests no environment variables, credentials, or config paths. That is proportionate for a public API read-only integration.
- Persistence & Privilege (ok): always:false and default autonomy settings. The skill does not request elevated persistence or attempt to modify agent/system configuration.
