Skill v1.5.0
ClawScan security
Coinw Contract Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 2:42 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to implement the CoinW contract API and only requests the expected API key/secret, but the 'always: true' flag (force-enabled) combined with asking for credentials is a disproportionate privilege and raises risk.
- Guidance: This skill otherwise looks coherent for interacting with CoinW, but the 'always: true' privilege is the main concern. Before installing:
  1. Confirm you trust the skill's publisher and origin (no homepage/source is listed).
  2. Avoid pasting high-privilege API secrets into chat — prefer storing them via the platform's secure credential UI.
  3. If you must provide an API key, create a scoped key with the minimum permissions needed (prefer read-only or trading without withdrawal) and enable IP whitelisting and 2FA where possible.
  4. Do not use a primary account key — create a separate test/trading key and fund it minimally.
  5. Ask the vendor why 'always: true' is necessary; if not needed, decline installation or request a version without that flag.
  6. Monitor account activity and rotate keys after testing.
  These steps reduce risk from a force-enabled skill that can access your exchange credentials.
Review Dimensions
- Purpose & Capability (ok): Name/description (CoinW contract REST API) aligns with requested environment variables (COINW_API_KEY, COINW_SECRET_KEY) and the SKILL.md content. No unrelated binaries, credentials, or config paths are requested.
- Instruction Scope (ok): SKILL.md contains API usage, signing instructions, and examples limited to CoinW endpoints. It instructs the agent to collect API keys in chat and store them in OpenClaw credential storage, which is consistent with a trading API skill. It does not instruct the agent to read unrelated files or exfiltrate data to third-party endpoints.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files—nothing is downloaded or written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials (ok): The two required env vars (API key and secret) are appropriate and expected for a contract trading API. There are no extra or unrelated secrets requested. The SKILL.md also documents standard signing and key-creation steps.
- Persistence & Privilege (concern): The skill is marked 'always: true', meaning it will be force-included in every agent run. Combined with its need for API credentials and the instruction to accept/store secrets from chat, this creates a high blast radius if the skill is compromised or malicious. The 'always' flag is not justified in the documentation.
