v0.2.1

Clawswap

Verdict: Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This skill is coherent for ClawSwap trading, but it can run an autonomous trading agent using account credentials and a saved runtime token, so it should be reviewed carefully before installation.

Guidance

Treat this as a Review install: only use it if you are comfortable letting a local Python trading agent use a ClawSwap key, submit strategy-driven trades, and save a runtime token. Test with backtests or paper mode first, confirm live trading behavior before connecting funds, use a limited/revocable key, monitor the process, and remove `.runtime_token` or revoke access when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
clawswap/SKILL.md
Use when the user wants to start runtime trading (paper/live gateway runtime protocol)... Strategy loop — fetches live prices from Hyperliquid, runs your strategy, submits trades

The skill explicitly runs an automated strategy that submits trades in a paper or live runtime context. This is high-impact, and the artifacts describe neither per-trade user approval nor hard trading limits.

User impact: If connected to a live-capable account, the agent could open or close positions and change account state automatically.
Recommendation: Start only in paper/backtest mode, verify whether live trading is disabled, use a restricted or dedicated key/account, set external risk limits, and monitor the runtime while it is active.
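The finding above notes that the artifacts describe no hard trading limits. The following is an added example, not code from the Clawswap skill or from ClawScan, showing what an external pre-trade gate looks like in Python (the language the skill's runtime is described as using): every trade intent passes a set of hard limits before it reaches the gateway, live mode is refused unless explicitly enabled, and a daily-loss kill switch blocks further submissions. The `submit` callable, the symbol, prices and limit values are constructed assumptions; the skill's real submit API is not documented on this page.

```python
"""Pre-trade risk gate for an autonomous strategy loop.

Added example, not part of the Clawswap skill or ClawScan. The gateway
submit function, symbol, prices and limit values are constructed here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class TradeRejected(Exception):
    """Raised when a trade intent violates a hard limit."""


@dataclass
class RiskLimits:
    allow_live: bool = False                  # live gateway stays off unless set explicitly
    max_notional_per_trade: float = 1_000.0   # |qty| * price for a single order
    max_exposure_per_symbol: float = 2_500.0  # |net position after fill| * price
    max_daily_loss: float = 200.0             # realized loss that trips the kill switch


@dataclass
class RiskGate:
    limits: RiskLimits
    submit: Callable[[str, float, float], dict]  # hypothetical gateway call: (symbol, qty, price)
    mode: str = "paper"                          # "paper" or "live"
    positions: Dict[str, float] = field(default_factory=dict)  # signed net qty per symbol
    realized_pnl_today: float = 0.0
    halted: bool = False
    audit: List[str] = field(default_factory=list)

    def check(self, symbol: str, qty: float, price: float) -> List[str]:
        """Return every violated limit; an empty list means the order may go out."""
        reasons = []
        if self.halted:
            reasons.append("kill switch engaged")
        if self.mode == "live" and not self.limits.allow_live:
            reasons.append("live mode not explicitly enabled")
        notional = abs(qty) * price
        if notional > self.limits.max_notional_per_trade:
            reasons.append(f"order notional {notional:.2f} exceeds {self.limits.max_notional_per_trade:.2f}")
        projected = abs(self.positions.get(symbol, 0.0) + qty) * price
        if projected > self.limits.max_exposure_per_symbol:
            reasons.append(f"projected exposure {projected:.2f} exceeds {self.limits.max_exposure_per_symbol:.2f}")
        return reasons

    def place(self, symbol: str, qty: float, price: float) -> dict:
        """Submit only if every check passes. Position is updated from the intent here;
        a production gate would update it from the gateway's fill report instead."""
        reasons = self.check(symbol, qty, price)
        if reasons:
            self.audit.append(f"REJECT {symbol} qty={qty} @ {price}: " + "; ".join(reasons))
            raise TradeRejected(reasons)
        result = self.submit(symbol, qty, price)
        self.positions[symbol] = self.positions.get(symbol, 0.0) + qty
        self.audit.append(f"SUBMIT {symbol} qty={qty} @ {price}")
        return result

    def record_pnl(self, realized: float) -> bool:
        """Accumulate realized PnL; engage the kill switch once the daily loss limit is hit."""
        self.realized_pnl_today += realized
        if self.realized_pnl_today <= -self.limits.max_daily_loss and not self.halted:
            self.halted = True
            self.audit.append(f"HALT realized pnl {self.realized_pnl_today:.2f}")
        return self.halted


def demo() -> RiskGate:
    """Drive the gate with a constructed paper-engine stand-in and return it for inspection."""
    def fake_submit(symbol: str, qty: float, price: float) -> dict:  # constructed, not the real gateway
        return {"symbol": symbol, "qty": qty, "price": price, "status": "filled"}

    gate = RiskGate(limits=RiskLimits(), submit=fake_submit, mode="paper")
    intents = [(0.2, 4000.0), (0.3, 4000.0), (0.2, 4000.0), (0.3, 4000.0)]
    for qty, price in intents:           # 800 ok; 1200 too large; 800 ok; 0.7*4000 exceeds exposure
        try:
            gate.place("ETH", qty, price)
        except TradeRejected:
            pass
    gate.record_pnl(-150.0)              # still trading
    gate.record_pnl(-75.0)               # -225 trips the 200 daily-loss limit
    try:
        gate.place("ETH", -0.1, 4000.0)  # even a reducing order is blocked once halted
    except TradeRejected:
        pass
    return gate
```

The gate deliberately rejects everything once halted, including position-reducing orders; flattening after a kill switch is a manual, supervised step rather than something the autonomous loop gets to decide. Every decision is appended to `audit`, which is the record to keep alongside the skill's own telemetry.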
Rogue Agents
Severity: Medium | Confidence: High | Status: Note
clawswap/SKILL.md
Heartbeat — sends health pings every 30s ... Telemetry — reports equity/PnL every 60s ... Reconnect — auto-recovers after token rotation; exits cleanly on revoke

The long-running runtime, heartbeat, telemetry, and reconnect behavior are disclosed and purpose-aligned, but users should notice that the agent is designed to keep operating until stopped or revoked.

User impact: The trading client may continue sending status, telemetry, and trade intents while the process is running.
Recommendation: Run it in a visible terminal or supervised service, know how to stop it, and revoke the agent/key if you want to terminate access.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none ... Required env vars: none ... Primary credential: none

The registry-level metadata does not expose source/provenance or the credential/runtime requirements that the package documentation later declares.

User impact: A user relying only on registry metadata may underestimate the prerequisites and account access involved.
Recommendation: Verify the package source and ClawSwap identity before providing credentials or running the Python client.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
clawswap/SKILL.md
`CLAWSWAP_API_KEY` | `--api-key` | `(required)` | API key from dashboard ... State persistence — saves agent_id + runtime_token to `.runtime_token`

The skill requires a ClawSwap account credential and stores a delegated runtime token for reconnection; registry-level metadata says no primary credential is required, so the credential boundary is under-disclosed.

User impact: A saved runtime token or API key could allow continued account access by the local runtime until the token/key is revoked.
Recommendation: Use a least-privilege ClawSwap key, rotate or revoke it after testing, protect the skill directory, and delete `.runtime_token` when you no longer want the agent connected.
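The recommendation above is to protect the skill directory and delete `.runtime_token` when the agent should no longer be connected. As an added example (not code from the Clawswap skill), the Python below audits that file for the things that usually go wrong with a saved token, namely group/world-readable mode bits, a file owned by another user, or a symlink planted in its place; rewrites it owner-only; and removes it. The `.runtime_token` name is the one the skill documents; the JSON payload is a constructed placeholder, since the page only says the file holds agent_id and runtime_token, not its format.

```python
"""Audit, rewrite and remove a saved runtime token file.

Added example, not part of the Clawswap skill. The `.runtime_token` name is
the one the skill documents; the JSON payload below is a constructed
placeholder for the agent_id/runtime_token state it describes.
"""
import json
import os
import stat
import tempfile
from typing import List

TOKEN_FILE = ".runtime_token"


def audit_token_file(path: str) -> List[str]:
    """Return the hygiene problems found; an empty list means the file is absent or owner-only."""
    problems: List[str] = []
    try:
        st = os.lstat(path)  # lstat so a symlink planted in the skill directory is caught
    except FileNotFoundError:
        return problems
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
        return problems
    if st.st_mode & 0o077:
        problems.append("readable or writable by group/others (mode %o)" % stat.S_IMODE(st.st_mode))
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("owned by another user")
    return problems


def write_token_file(path: str, payload: dict) -> None:
    """Create the file owner-only from the start instead of inheriting the process umask."""
    try:
        os.unlink(path)  # O_CREAT's mode applies only to new files, so drop any stale copy first
    except FileNotFoundError:
        pass
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(payload, fh)


def remove_token_file(path: str) -> bool:
    """Delete the saved token so the local runtime cannot reconnect; True if a file was removed."""
    try:
        os.unlink(path)
        return True
    except FileNotFoundError:
        return False


def demo() -> dict:
    """Show a carelessly written token file, the corrected one, and cleanup, in a temp directory."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, TOKEN_FILE)
    payload = {"agent_id": "agent-demo", "runtime_token": "constructed-placeholder"}  # constructed
    with open(path, "w") as fh:  # typical careless write: mode follows the umask
        json.dump(payload, fh)
    os.chmod(path, 0o644)        # force the common world-readable outcome for the demo
    before = audit_token_file(path)
    write_token_file(path, payload)
    after = audit_token_file(path)
    removed = remove_token_file(path)
    return {"before": before, "after": after, "removed": removed, "exists": os.path.exists(path)}
```

Deleting the file only stops the local runtime from reconnecting; the token itself stays valid server-side until it is revoked, so pair `remove_token_file` with revoking the agent or key in the ClawSwap dashboard.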
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
clawswap/SKILL.md
All strategies fetch real-time mid-prices from Hyperliquid and trade on the ClawSwap paper engine ... Telemetry — reports equity/PnL every 60s

The skill discloses external provider/gateway communications, including price queries and financial telemetry; this is expected for the purpose but involves sensitive trading/account information.

User impact: ClawSwap receives runtime/trading telemetry, and Hyperliquid receives price-query traffic from the runtime.
Recommendation: Review ClawSwap and Hyperliquid privacy/security expectations before connecting an account, especially if strategy results or PnL are sensitive.