Skill v1.1.1

ClawScan security

Crypto Investment Strategist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 7:41 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill implements the advertised crypto analysis workflow and needs only public market access and numpy, but it contains at least one clear security/correctness concern (disabled SSL verification) and some minor hygiene issues you should review before running.
Guidance
This skill appears to do what it claims (market-data fetch, indicators, scoring, allocation), but review and address the following before running it on sensitive systems or with real capital:
- Fix TLS verification: fetch_crypto_data.py explicitly disables SSL certificate checking (ssl.CERT_NONE). Any on-path attacker can then substitute a certificate and tamper with the market data the scripts act on. Enable default SSL verification or point the context at a verified CA bundle before using live data.
- Run the code in an isolated environment (virtualenv or sandbox) and inspect its outputs. The scripts call external endpoints (Binance, CoinGecko) and spawn subprocesses; run them locally first to verify behavior.
- Install dependencies in a controlled environment: numpy is required. Use a virtualenv to avoid system-wide changes.
- Be aware that the scripts write logs and snapshots to disk (temporary files and optional outputs). Check where those files are stored and remove any sensitive artifacts.
- No API keys or secrets are requested by the skill, which is good. If you need authenticated endpoints later, expect to provide credentials separately and verify how they are used.
If you are not comfortable editing code, ask the publisher (or a developer) to remove the SSL-disable lines and add explicit dependency metadata. If you decide to run it regardless, do so in a sandboxed VM or container and keep network monitoring enabled.
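To make the TLS point concrete, here is an added example written for this review (it is not the skill's fetch_crypto_data.py and does not reproduce its code): the flagged context pattern beside the verified one, a runtime check a caller can apply to any context it is handed, and a small source grep that catches the pattern before a script is run. The SAMPLE_FETCHER text, the DataSource/_fetch names and fetch_json are constructed stand-ins for illustration.

```python
"""Added example: the TLS-disabling pattern the scan flags, beside the fix,
plus a source audit that catches the pattern before the script is executed.
Illustrative code only; not the skill's fetch_crypto_data.py."""
import re
import ssl
import urllib.request
from typing import List, Optional, Tuple


def insecure_context() -> ssl.SSLContext:
    """The pattern reported for DataSource._fetch (constructed stand-in):
    hostname check and chain verification both switched off, so any
    certificate is accepted and an on-path attacker can rewrite responses.
    Shown only for contrast; never use this for live data."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The fix: the default context verifies the chain against the platform
    trust store (or the given CA bundle) and checks the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Defaults are already CERT_REQUIRED / check_hostname=True; assert so a
    # later edit cannot silently weaken them.
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


def context_is_verified(ctx: ssl.SSLContext) -> bool:
    """Runtime check for a context constructed by someone else's code."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Source patterns worth grepping for when reviewing a skill before running it.
TLS_DISABLE_PATTERNS = [
    re.compile(r"\bverify_mode\s*=\s*ssl\.CERT_NONE\b"),
    re.compile(r"\bcheck_hostname\s*=\s*False\b"),
    re.compile(r"\bssl\._create_unverified_context\b"),
    re.compile(r"\bverify\s*=\s*False\b"),   # requests / httpx style
]


def find_tls_disables(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for each line that weakens TLS verification."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if any(p.search(line) for p in TLS_DISABLE_PATTERNS):
            hits.append((lineno, line.strip()))
    return hits


def fetch_json(url: str, ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """How a fetcher should open a connection: explicit, verified context,
    refused up front if someone passes a weakened one."""
    if not context_is_verified(ctx):
        raise ValueError("refusing to fetch with an unverified SSL context")
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


# Constructed sample resembling the flagged fetcher (not the real file).
SAMPLE_FETCHER = """\
import ssl, urllib.request

class DataSource:
    def _fetch(self, url):
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return urllib.request.urlopen(url, context=ctx).read()
"""

if __name__ == "__main__":
    for lineno, line in find_tls_disables(SAMPLE_FETCHER):
        print(f"line {lineno}: {line}")
```

The grep patterns are the ones a reviewer would run over a skill's scripts before the first execution; the runtime check is the belt-and-braces guard for the case where the context is built elsewhere and handed in.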
Findings
[ssl_verify_disabled_in_fetch_crypto_data.py] unexpected: fetch_crypto_data.DataSource._fetch creates an SSLContext with check_hostname = False and verify_mode = ssl.CERT_NONE, disabling TLS verification. This is not necessary for trustworthy market-data fetching and exposes users to man-in-the-middle (MITM) or tampered responses; it's a significant security concern and should be fixed (enable verification or use a proper CA bundle).
[subprocess_run_invocations_in_auto_rank_assets.py] expected: auto_rank_assets uses subprocess.run to invoke local scripts (fetch and indicator calculators). This is expected for a script-driven workflow but means the agent will launch subprocesses; review those scripts before running and prefer running in a sandbox/venv.
[temporary_files_created] expected: Scripts create NamedTemporaryFile with delete=False and write snapshots/logs to disk. This is expected for the review/logging workflow, but it can leave files behind; inspect file paths and storage practices if disk hygiene matters.
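The two "expected" findings above still describe behaviour worth doing carefully. As an added example (written for this review, not taken from auto_rank_assets.py or the skill's logging code), here is one way a script-driven workflow can launch its helper scripts and write snapshots without putting a shell in the path or leaving stage files on disk. FAKE_INDICATOR_SCRIPT, calc_sma.py and the output directory layout are constructed for the demo.

```python
"""Added example, not the skill's own code: launching sibling scripts and
writing snapshots with no shell, a bounded runtime, a minimal child
environment, and no stray temp files (the delete=False pattern the scan
notes is replaced by stage-then-rename with cleanup on failure)."""
import json
import os
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import List

# Constructed stand-in for an indicator calculator script (not the real one).
FAKE_INDICATOR_SCRIPT = """\
import json, sys
closes = [float(x) for x in sys.argv[1:]]
print(json.dumps({"sma": sum(closes) / len(closes), "n": len(closes)}))
"""


def run_local_script(script: Path, *args: str, timeout: float = 60.0) -> dict:
    """Run a sibling script with the current interpreter. argv is a list, so
    no shell parses asset symbols; the timeout bounds a hung fetch; the child
    gets a minimal environment instead of inheriting the parent's secrets."""
    env = {"PATH": os.environ.get("PATH", "")}
    proc = subprocess.run(
        [sys.executable, str(script), *args],
        capture_output=True, text=True, timeout=timeout, check=True, env=env,
    )
    return json.loads(proc.stdout)


def write_snapshot(payload: dict, out_dir: Path, name: str = "snapshot.json") -> Path:
    """Atomic write into a caller-chosen directory: stage in a temp file in
    the same directory, then os.replace. On failure the stage file is removed."""
    out_dir.mkdir(parents=True, exist_ok=True)
    fd, stage = tempfile.mkstemp(dir=out_dir, prefix=".stage-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(payload, f, sort_keys=True)
        final = out_dir / name
        os.replace(stage, final)
        return final
    except BaseException:
        try:
            os.unlink(stage)
        except FileNotFoundError:
            pass
        raise


def leftover_temp_files(out_dir: Path) -> List[str]:
    """Audit helper: surviving stage files mean a crashed or careless run."""
    return sorted(p.name for p in out_dir.glob(".stage-*"))


def demo() -> dict:
    """End-to-end run in a throwaway directory; returns values to assert on."""
    with tempfile.TemporaryDirectory() as d:
        workdir = Path(d)
        script = workdir / "calc_sma.py"
        script.write_text(FAKE_INDICATOR_SCRIPT, encoding="utf-8")
        indicators = run_local_script(script, "10", "20", "30")
        snapshot = write_snapshot({"BTC": indicators}, workdir / "out")
        return {
            "sma": indicators["sma"],
            "snapshot_exists": snapshot.is_file(),
            "snapshot": json.loads(snapshot.read_text(encoding="utf-8")),
            "leftovers": leftover_temp_files(workdir / "out"),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

When reviewing the real scripts, the points to check against this pattern are: argv passed as a list rather than a formatted string, a timeout on every subprocess.run, an explicit environment, and a snapshot directory you chose rather than whatever NamedTemporaryFile picked.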

Review Dimensions

Purpose & Capability
ok: Name, README, SKILL.md and the included scripts (fetch, indicators, scoring, allocation, workflow, logging) are coherent: they implement market data fetching, indicator calculation, asset scoring, ranking and allocation as described. No unexpected services or credentials are requested.
Instruction Scope
ok: Runtime instructions confine activity to crypto analysis: fetching market data, computing indicators, ranking, producing allocation plans, and optionally logging snapshots. The agent will run the included Python scripts and make outbound network calls to public APIs. The SKILL.md does not instruct reading unrelated user files or secrets.
Install Mechanism
note: The skill is instruction-only (no install spec), but the code imports numpy and the README gives pip install instructions; this is reasonable, but the registry metadata did not declare the dependency. Running the scripts requires Python and numpy (use a venv).
Credentials
ok: No environment variables, credentials, or config paths are requested. The data fetcher uses public Binance/CoinGecko endpoints and does not require API keys, which is proportionate to the stated purpose.
Persistence & Privilege
ok: Skill is not force-enabled (always: false) and uses normal agent invocation. Scripts write log/snapshot files (expected for the review workflow) but do not attempt to modify other skills or system-wide agent settings.