Clawswap
Warn. Audited by ClawScan on May 10, 2026.
Overview
Clawswap appears to be a coherent trading-agent package, but it needs review because it can automatically submit trades with an API key and persist runtime credentials while the registry under-declares that authority.
Install only if you intentionally want to run a ClawSwap trading bot. Start with paper-only credentials, inspect the Python code and gateway URL, set strict position/loss limits, protect or delete saved token files, and do not connect live funds until the live/paper boundary and approval controls are clear.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a live-capable gateway or account, the agent could open and close positions automatically and cause financial loss.
The runtime is designed to send automated trade intents, not merely inspect balances or provide analysis. Combined with trading strategies and the paper/live wording in the docs, this is high-impact financial authority without per-trade confirmation shown in the artifacts.
E. Strategy loop → trade intents via POST /runtime/v1/trade ... Produces one trade intent per tick. Cycles through: 1. Buy ... 3. Sell
Run only in clearly confirmed paper mode until reviewed; require explicit live-mode opt-in, per-trade or per-session approval, position and loss limits, and a default no-trade strategy unless the user intentionally enables trading.
A key or saved runtime token may authorize agent creation and trading activity; if mishandled or exposed, account actions could be performed without the user realizing the credential was in use.
The skill requires a ClawSwap account API key and persists a runtime token. The supplied registry metadata says no primary credential or required env vars, so this account authority is under-declared at the registry layer.
`CLAWSWAP_API_KEY` | `--api-key` | `(required)` | API key from dashboard ... `State persistence` — saves agent_id + runtime_token to `.runtime_token`
Declare the required credential in registry metadata, use least-privilege or paper-only keys where possible, protect .env and .runtime_token file permissions, and revoke tokens when done.
ClawSwap may receive agent status, equity, and PnL telemetry, and the client will contact third-party market-data endpoints.
The agent communicates continuously with the ClawSwap gateway and external price providers. This is disclosed and purpose-aligned, but it means operational and account-performance data leaves the local environment.
`Heartbeat` — sends health pings every 30s ... `Telemetry` — reports equity/PnL every 60s ... All strategies fetch real-time mid-prices from Hyperliquid
Review the gateway URL, privacy expectations, and telemetry behavior before using sensitive or live trading accounts.
The registry shows users less provenance and capability information than the package actually needs in order to operate.
The registry-level provenance and install metadata are incomplete for a package that contains runnable Python trading code. The package itself includes docs and metadata, but users should verify the source before trusting it with trading credentials.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence 17 code file(s)
Publish complete source/homepage metadata, align registry requirements with the nested skill metadata, and verify the repository before using real credentials.
