Skill v1.0.3
ClawScan security
cryptofolio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 3:27 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions mostly match the described portfolio manager, but there are multiple small inconsistencies and configuration choices (undeclared env vars, a hard-coded default worker token, CORS='*', and a likely path bug for the local web UI) that warrant caution before installing or running.
- Guidance: Before installing/running:
  1. Review the bundled scripts (scripts/cryptofolio.mjs and serve.mjs) locally; the skill will execute these Node scripts.
  2. If you use cloud sync, deploy the Cloudflare Worker only after changing the default TOKEN to a strong secret; otherwise the default token is insecure.
  3. Be aware the worker template enables CORS '*' and exposes an unauthenticated /api/health endpoint; a leaked token could let others read/overwrite your KV.
  4. The skill stores sensitive data in ~/.openclaw/data/cryptofolio.json and an optional config file; consider encrypting backups and do not put private keys or exchange API keys there.
  5. Note a probable web-server path bug (serve.mjs expects a web/ folder); test locally before relying on the UI.
  If you are not comfortable reviewing or running the bundled Node code, do not install.
Review Dimensions
- Purpose & Capability
  - note: The name/description match the included files: a CLI (scripts/cryptofolio.mjs), a local web server (scripts/serve.mjs) and an optional Cloudflare Worker backend. These components are appropriate for a crypto portfolio manager. Minor mismatch: registry metadata declares no required env vars, yet the CLI supports CRYPTOFOLIO_API_URL and CRYPTOFOLIO_TOKEN via environment variables (and the README/README.md suggests adding them to OpenClaw config).
- Instruction Scope
  - note: SKILL.md instructs the agent to run the bundled node scripts and to store data under ~/.openclaw/data/cryptofolio.json, which the code does. Cloud sync is explicitly optional and uses a user-provided Cloudflare Worker URL/token. Points to review: the Cloudflare worker/template uses CORS: '*' and has an unauthenticated /api/health endpoint; the README and worker.js include a default/hard-coded TOKEN placeholder that must be changed by the user. No instructions ask the agent to read unrelated system files or other credentials.
- Install Mechanism
  - note: There is no install spec (instruction-only), but the skill includes executable JS files. That means the skill will run local Node scripts provided in the package when invoked; this is expected, but you should inspect the bundled scripts before running. Implementation bug: serve.mjs expects a 'web' directory (join(__dirname, '..', 'web')) but the provided index.html is at the repository root; the local server may fail to serve the UI unless files are placed where the server expects.
- Credentials
  - concern: The registry lists no required credentials, yet the CLI can read CRYPTOFOLIO_API_URL and CRYPTOFOLIO_TOKEN from environment variables and the README suggests storing them in OpenClaw config. The Cloudflare worker template contains a hard-coded TOKEN value by default (placeholder 'your-secret-token'); if someone deploys without changing it, that weak/known token could be abused. The worker also sets Access-Control-Allow-Origin: '*', which increases exposure of the endpoint if the token is leaked.
- Persistence & Privilege
  - ok: The skill is not always-enabled and is user-invocable. It stores data under ~/.openclaw/data (its own area) and writes its own config file there; it doesn't request system-wide privileges or alter other skills. Autonomous invocation is allowed by default but is not a new privilege here.
