Skillv3.0.2

ClawScan security

Arbitrage Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 24, 2026, 1:11 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is a local reference/help skill that prints static documentation; its files, requirements, and instructions are coherent with its stated purpose and ask for no credentials or network access.
Guidance: This skill is a static reference that prints documentation and does not request credentials or perform network I/O — low risk in itself. Before installing or enabling any skill, verify you trust the publisher and review included files; if you plan to let an agent invoke skills autonomously, ensure it only runs non-privileged actions and cannot execute this script with elevated permissions. Note the content is generic devtools documentation (not code that interacts with blockchains) and there are minor version-string mismatches in files which are likely harmless but worth noticing.

Purpose & Capability: noteThe skill is advertised as a blockchain/crypto 'Arbitrage Finder' reference, and its SKILL.md and included shell script are purely documentation output. This is broadly consistent, though the content is generic devtools/reference material rather than code that interacts with blockchains. No external credentials or cloud access are requested, which aligns with a read-only reference tool.
Instruction Scope: okSKILL.md explicitly states commands output plain-text via heredoc with no external API calls or network access. The included scripts/script.sh only prints static help and reference text and does not read other files, environment variables, or send data externally.
Install Mechanism: okThere is no install spec (instruction-only skill) and the only code is a benign shell script. Nothing is downloaded or written to disk by an installer, so install risk is low.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The script does not read environment variables or secrets, so requested environment access is proportionate (none).
Persistence & Privilege: okalways:false and no special privileges or persistent modifications are requested. The skill does not modify other skills or system configs.