Back to skill
Skillv1.0.0
ClawScan security
Crypto Research using CoinMarketCap MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 2, 2026, 1:37 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with its stated purpose of doing CoinMarketCap (CMC MCP)–based crypto due diligence and do not ask for unrelated credentials or access.
- Guidance
- This skill is an instruction-only connector that uses CoinMarketCap MCP tools to compile a research report. Before installing, confirm that your agent's CMC MCP integration is configured with an API key you trust (the SKILL.md tells you how to set one up). The skill does not request other credentials or access to your files. Remember this is research, not financial advice—review the generated report yourself and do not share unrelated sensitive credentials with the agent.
Review Dimensions
- Purpose & Capability
- okName/description match the actions in SKILL.md: it calls CMC MCP search/info/quotes/metrics/news/TA endpoints. No unrelated services, binaries, or credentials are requested.
- Instruction Scope
- okInstructions are scoped to gathering and analyzing CMC MCP data, describing specific API calls to use and what to extract. They do not instruct reading arbitrary files, system state, or external endpoints beyond the MCP service, and they explicitly handle tool failures.
- Install Mechanism
- okThere is no install spec and no code files; this is instruction-only, so nothing is written to disk or downloaded by the skill itself.
- Credentials
- okThe skill does not declare required environment variables or credentials. The README shows how to configure the MCP connection (API key) which is appropriate and proportional for accessing CMC MCP data; no unrelated secrets are requested.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-level privileges or modify other skill configurations. Normal autonomous invocation is allowed (platform default) and appropriate for an integration-style skill.