Back to skill
Skillv4.0.0
ClawScan security
Liquidity Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 12:46 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction/reference bundle that only outputs DeFi documentation; its files and metadata are consistent with that purpose and do not request credentials or perform network/install actions.
- Guidance
- This skill appears coherent and low-risk: it ships documentation and a shell script that prints reference material and does not request credentials or perform network operations. If you plan to install/run it, inspect the full scripts locally (the bundle is small) to confirm there are no unexpected commands (e.g., curl, ssh, wget, exec of user data). Never paste private keys, wallet mnemonics, or secret tokens into prompts when using any skill, and avoid granting wallet or cloud credentials to the agent. If you will run the script on a production machine, consider running it in a sandbox or dev environment first.
Review Dimensions
- Purpose & Capability
- okName/description (DeFi liquidity reference) match the included SKILL.md and scripts: the skill provides reference documentation and calculators for AMMs, Uniswap, Curve, MEV, migration, etc. It does not declare any unrelated capabilities or request unrelated credentials.
- Instruction Scope
- okSKILL.md explicitly states no external API calls or credentials are required. The included scripts (script.sh) generate plain-text reference output via heredocs; the visible portions contain only documentation and diagnostic guidance and do not read files, env vars, or contact external endpoints.
- Install Mechanism
- okNo install spec is provided (instruction-only skill). A bundled script is present but there is no automatic download or extraction of external code, and no post-install actions are declared.
- Credentials
- okThe skill declares no required environment variables, no primary credential, and no config paths. Nothing in the files requests secrets or broad environment access.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/system-level modifications. It does not modify other skills or agent-wide configuration.