Skill v0.3.6

ClawScan security

CoinFello · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 15, 2026, 5:28 PM)

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with a CLI that talks to CoinFello (node/npx, API base URL, and optional RPC settings); nothing requested appears unrelated to its stated purpose.
Guidance
This skill appears to do what it says: it runs the CoinFello CLI via npx and stores config and (optionally) signing keys/tokens under ~/.clawdbot/skills/coinfello. Before installing:
1) Verify you trust https://coinfello.com and review the npm package @coinfello/agent-cli (consider using a pinned version instead of @latest).
2) Be aware the tool will store a SIWE session token and may store a plaintext private key only if you use `--use-unsafe-private-key` — avoid that flag in production.
3) The signer daemon caches authentication and opens a user-scoped socket in /tmp; stop the daemon when not needed.
4) Double-check COINFELLO_BASE_URL if you override it so you don't point to a malicious endpoint.
5) Note the registry metadata rendered env entries as [object Object] — confirm the actual env var names (they are listed in SKILL.md).

Review Dimensions

Purpose & Capability
Status: ok
Name/description describe a CoinFello CLI helper. Declared required binaries (node, npx) and the environment variables (COINFELLO_BASE_URL, RPC_BASE_URL, RPC_API_KEY, RPC_URL_OVERRIDE) all match the documented behavior (calling CoinFello APIs and optionally routing RPCs). There are no unrelated credentials or unrelated system paths requested.
Instruction Scope
Status: ok
SKILL.md instructs the agent to run the npm-hosted CLI via npx to create accounts, SIWE sign-in, manage delegations, and check transactions. The instructions reference only the skill's config files (~/.clawdbot/skills/coinfello/*), the signing daemon socket under /tmp, and the CoinFello API — nothing outside the stated scope (no broad file-system scraping or unrelated credential access).
Install Mechanism
Status: note
This is instruction-only (no install spec), which minimizes preinstalled footprint. However, the runtime uses `npx @coinfello/agent-cli@latest`, which will download and execute code from the npm registry at runtime; that is expected for this CLI but is a supply-chain consideration. Pinning a specific version rather than `@latest` would reduce risk.
Credentials
Status: ok
The optional env vars are proportional to the skill's function: a base API URL and optional RPC endpoints/API key for blockchain RPC routing. No unrelated secrets or multiple unrelated credential sets are requested. Note: the tool will persist a SIWE session token and (only if explicitly requested via `--use-unsafe-private-key`) a plaintext private key in the tool's config file — this is documented and optional.
Persistence & Privilege
Status: note
The skill persists config and pending-delegation files under the user's home and may run a user-scoped signer daemon that holds an auth context and listens on a Unix socket. These behaviors are consistent with a local signer workflow but are sensitive (session tokens, hardware-backed keys or optional plaintext keys). `always` is false and autonomous invocation is allowed by default (expected).