Skill v1.0.0
ClawScan security
Kamino Positions Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 5:37 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are coherent with its stated purpose (monitoring Kamino lend positions), but it instructs the user to fetch and run external code. Review that code before running it.
- Guidance: This skill appears to do what it says: monitor Kamino lending positions using Node code in a GitHub repo. Before installing or running it you should:
  1. inspect the repository (or ask for a known commit or tag) rather than blindly running git clone && npm install;
  2. review package.json and any lifecycle scripts (preinstall, install, postinstall, prepare) to ensure no unexpected code executes at install time; `npm ci --ignore-scripts` installs the dependencies without running those scripts, so you can read them first;
  3. run the tool in an isolated environment (container or VM) if you have security concerns;
  4. ensure wallets.json contains only public wallet addresses (never private keys, keypair files, or seed phrases), since the monitor only needs to read positions for the addresses you give it;
  5. use a dedicated SOLANA_RPC_URL and avoid exposing unrelated secrets; if you plan to enable Telegram delivery, treat TELEGRAM_BOT_TOKEN as sensitive and provide it only if you trust the code;
  6. prefer pinned releases (a commit hash, or a release tag) over floating master branches, since a branch can change after you have reviewed it.

  If you want, I can fetch and summarize the GitHub repository contents (package.json, kamino_monitor.js) so you can spot risky behaviors before running it.
Review Dimensions
- Purpose & Capability
- ok: Name and description (Kamino/Solana liquidation monitoring) match the runtime instructions: the skill requires node and a project that computes collateral/debt/health from provided wallet addresses. Required binaries and declared inputs align with the task.
- Instruction Scope
- ok: SKILL.md stays on-topic: it tells the agent/user to install the kamino-positions-monitor repo, provide wallets.json, optionally set SOLANA_RPC_URL or TELEGRAM_* for delivery, and run node kamino_monitor.js. It does not instruct reading unrelated files or exfiltrating data to unexpected endpoints.
- Install Mechanism
- note: The skill is instruction-only (no install spec), but it directs the user to clone a GitHub repo and run npm install. Pulling and running external code is a normal pattern for this use but carries the usual risks: arbitrary code execution via the repository content itself or via npm lifecycle (postinstall) scripts of the project or its dependencies. A GitHub URL is better than a random server only in that the source and its history can be inspected before anything runs; it says nothing about whether the code is safe, and the code is not included here for review.
- Credentials
- ok: No credentials are required by the skill itself. The optional environment variables mentioned (SOLANA_RPC_URL, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, KAMINO_MONITOR_PATH) are reasonable and directly related to operational needs (RPC access and optional Telegram delivery). Of these, TELEGRAM_BOT_TOKEN is a secret, and a SOLANA_RPC_URL that embeds a provider API key should be handled the same way; both are optional. There is no request for unrelated secrets or host config.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated platform privileges. It does not attempt to modify other skills or require persistent presence.
