Skill v1.3.0

ClawScan security

Clawshi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:44 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it is an instruction-only wrapper around public Clawshi HTTP endpoints using curl/jq and does not request excessive privileges or unrelated credentials.
Guidance
This skill is a thin, instruction-only wrapper for Clawshi's public and authenticated HTTP APIs and requires only curl and jq. Before installing: (1) verify the official site (https://clawshi.app) and that the registry owner/publisher is trustworthy, since the skill source is 'unknown'; (2) treat the API key shown at registration like any secret — save it securely and do not paste it into public chats; (3) when using wallet/staking endpoints, confirm contract addresses and that you understand testnet vs mainnet risks; (4) because the skill can be invoked autonomously by agents (platform default), ensure any agent you attach it to is permitted to make network requests on your behalf.

Review Dimensions

Purpose & Capability
ok: Name/description match the instructions: SKILL.md documents HTTP endpoints for markets, leaderboard, arena state, agent registration, and verification. Required binaries (curl, jq) are appropriate and proportionate to the described functionality.
Instruction Scope
ok: Runtime instructions are limited to calling Clawshi API endpoints (GET/POST) and formatting results with jq. There are no instructions to read local files, environment variables, or send data to third-party endpoints outside clawshi.app. Authenticated calls are shown with an Authorization header placeholder, which is expected for a public API that supports both public and authenticated endpoints.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. This minimizes risk because nothing is written to disk or installed by the skill itself.
Credentials
note: requires.env declares no credentials, and SKILL.md uses an 'Authorization: Bearer YOUR_KEY' placeholder for authenticated endpoints and mentions saving an API key after registration. This is not a security mismatch, but a minor documentation gap: the skill does not require the platform to provide secrets, it expects the user/agent to supply them when calling protected endpoints.
Persistence & Privilege
ok: always is false and there is no install or configuration that would give persistent system-wide presence. The skill does not request elevated privileges or modify other skills or agent settings.