Skill v0.5.0

ClawScan security

Katbot Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 11:57 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested secret (agent private key) are coherent with a Hyperliquid trading integration; nothing appears designed to do unrelated or hidden work, but it will store an agent key and tokens locally and can execute trades if configured to do so.
Guidance
This skill appears to be what it says: a Katbot.ai client that can monitor signals and (with your agent key) place trades on Hyperliquid. Before installing, consider the following:

- Only enable live trading for portfolios you trust the agent to manage. Prefer HL_PAPER (paper trading) while testing.
- Protect the agent private key: the onboarding saves it to ~/.openclaw/workspace/katbot-identity/katbot_secrets.json (mode 600). Do not share that file or export the key into shared environments.
- The onboarding asks you to paste your wallet private key to perform SIWE; it states the wallet key is not saved to disk. If you are uncomfortable pasting that key, you can run onboarding on a trusted machine or skip and rely on tokens.
- The trigger setup includes an auto_execute_trade option. Keep this false unless you fully understand and accept the risk of unattended trades.
- The scripts will run pip install -r requirements.txt (eth-account, requests); review and control network/policy for installs if needed.
- Review or run the scripts in a sandbox or with a test account first (paper trading) to verify behavior and endpoint (default https://api.katbot.ai).

If you want extra assurance, ask the publisher for the canonical homepage or source repo (not provided in the metadata) and validate the API base URL, or audit the included scripts locally before running.

Review Dimensions

Purpose & Capability
ok
Name/description (live trading on Hyperliquid via Katbot.ai) match the code and runtime behavior. Required binaries (python3, openclaw) and dependencies (eth-account, requests) are appropriate for wallet signing, HTTP API calls, and sending OpenClaw alerts. The single declared credential (KATBOT_HL_AGENT_PRIVATE_KEY) is relevant for trading operations.
Instruction Scope
note
SKILL.md and the included scripts restrict their actions to onboarding, reading market-intel, running research, producing recommendations, and executing trades. The onboarding script asks interactively for a wallet private key (used in-memory for SIWE) and saves an agent private key to a local secrets file; market-intel and trade API calls go to the configured API host (default api.katbot.ai). No instructions ask the agent to read unrelated system files, shell history, or to exfiltrate arbitrary data. Note: trigger setup writes config and state under ~/.openclaw/workspace, and scripts call the openclaw CLI for alert delivery.
Install Mechanism
ok
There is no registry-level install spec, but the skill provides a local ensure_env.sh that runs pip install -r requirements.txt; the packages are standard (eth-account, requests) and are installed from PyPI. No arbitrary binary downloads or extract-from-URL steps are used.
Credentials
note
The declared primary credential (KATBOT_HL_AGENT_PRIVATE_KEY) is appropriate for live trading. The code will accept that key from either the environment or a local secrets file (~/.openclaw/workspace/katbot-identity/katbot_secrets.json). The onboarding process requests a wallet private key interactively (explicitly stating it is not stored) to perform SIWE; this is expected but is sensitive. The client also uses environment/config variables for BASE_URL and IDENTITY_DIR, which are reasonable. The one minor mismatch: registry metadata lists KATBOT_HL_AGENT_PRIVATE_KEY as required, but the onboarding flow can save and use a local secrets file instead; this is not dangerous but worth noting.
Persistence & Privilege
note
The skill writes files to ~/.openclaw/workspace and to an identity directory (katbot-identity), including katbot_secrets.json (mode 600) and katbot_token.json (mode 600). always:false (normal). The trigger setup exposes an auto_execute_trade option which, if enabled, allows unattended trade execution; the wizard warns against enabling it. The skill does not modify other skills' configs or request platform-wide permanence.