Skill v1.0.13
ClawScan security
NewsRiver Global Intelligence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:50 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and capabilities coherently describe a DeFi intelligence + execution service, but there are metadata inconsistencies and real financial-execution capabilities that warrant caution before enabling or granting autonomous use.
- Guidance: This skill can perform real DeFi trades, cross-chain bridges, create agent wallets, and use paid proxies (email/SMS/scrape). Before installing:
  1. Clarify the NEWSRIVER_API_KEY mismatch between the registry and SKILL.md.
  2. Do not provide private keys; prefer limited, revocable API keys.
  3. Test in dry_run/sandbox and with tiny amounts only. SKILL.md examples include a dry_run flag — use it.
  4. Restrict or require explicit human approval for any autonomous execution that can move funds or incur payments (X-PAYMENT header / micropayments).
  5. Verify the service provider (yieldcircle / agent.yieldcircle.app) and support contact; examine pricing and audit/logging policies.
  6. If you are risk-averse, keep this skill disabled for autonomous invocation and only call it manually after reviewing the requests the agent will make.
Review Dimensions
- Purpose & Capability [note]: The SKILL.md describes a DeFi super-aggregator, cross-chain bridging, historical news/price correlation, proxies (email/SMS/scrape) and TEE-backed agent wallets — all coherent with the stated purpose. However, registry metadata lists no required environment variables while the SKILL.md documents an optional NEWSRIVER_API_KEY; this mismatch (registry says none, documentation lists one) is an inconsistency the maintainer should clarify.
- Instruction Scope [note]: Runtime instructions are instruction-only curl/API examples that tell an agent how to query analytics and how to execute swaps/bridges/yield/bundles, create wallets, and use paid proxies. The instructions do not tell the agent to read local files or unrelated env vars, but they do enable network calls that can initiate real financial transactions and send data via email/SMS/scrape proxies — so the agent will be able to transmit data externally and move funds if execution is allowed.
- Install Mechanism [ok]: No install spec or code files are present (instruction-only). This is lower-risk from a disk/execution perspective because nothing is downloaded or written by the skill package itself.
- Credentials [note]: The registry lists no required environment variables, but SKILL.md documents an optional NEWSRIVER_API_KEY (used for premium/subscription access). That alone is proportionate. However, the skill supports payments via an X-PAYMENT header (USDC on Base) and Privy-signed agent wallets — meaning monetary value can be moved through the API. The skill does not request private keys in the package, but it can cause charges and on-chain transfers; ensure any API key or payment mechanism you supply is scoped and reversible where possible.
- Persistence & Privilege [concern]: always is false (good) and there is no install writing files, but the skill is allowed to be invoked autonomously (default). Because the skill exposes transaction/bridge/transfer endpoints and agent wallets, autonomous invocation could cause unintended asset movement or charges. Combine this with the metadata/instruction mismatches and you should tightly control or disable autonomous calls that perform financial operations.
