Skill v1.0.0

ClawScan security

crypto briefing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 27, 2026, 6:17 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and instructions generally match a crypto briefing purpose, but there are several inconsistencies and a mandatory browsing requirement that could expose the agent/user to untrusted sites — review the listed domains and browsing profile use before installing.
Guidance
This skill appears to do what it says (collect prices, Fear & Greed index, and news), but take precautions before installing:
1) Review and vet the five mandatory news domains — if you don't trust them, do not allow the browser to visit them.
2) Ensure the browser profile used (profile=openclaw) is isolated and does not contain personal cookies, saved logins, or sensitive headers, since the skill requires navigating third-party sites.
3) Note the SKILL.md prefers CoinMarketCap but the included script uses CoinGecko and alternative.me — confirm which data source you want and consider editing the script if necessary.
4) Be aware that visiting external sites can leak IP and other metadata; run the skill in a sandboxed environment or behind a proxy if privacy is a concern.
5) If you need stronger assurances, request the author to (a) make the list of news sources configurable, (b) remove the absolute 'MUST visit ALL 5' requirement, and (c) document any risk mitigations (robots.txt, timeouts, sanitization).

Review Dimensions

Purpose & Capability
note: Name and description match the behavior: fetching prices, F&G index, news and producing a briefing. Minor inconsistency: SKILL.md instructs the agent to prefer CoinMarketCap for price and F&G, while the included script fetches prices from CoinGecko and F&G from alternative.me. Both are plausible data sources, but the mismatch should be clarified.
Instruction Scope
concern: SKILL.md mandates visiting five specific external news sites (foresightnews.pro, panewslab.com, theblockbeats.info, techflowpost.com, odaily.news) and insists none may be skipped. This is within the stated purpose (collecting news) but forces the agent to navigate arbitrary third-party domains with a specific browser profile (profile=openclaw). That rigid 'MUST visit ALL 5' requirement increases risk: visiting untrusted sites can leak IP, headers, or profile cookies and may expose the agent to malicious content. The instructions do not mention respecting robots.txt, rate limits, or validating content authenticity.
Install Mechanism
ok: No install spec; skill is instruction-driven with a small helper script. No packages are downloaded or written to disk by an installer, which is lower risk.
Credentials
note: Skill does not request environment variables or credentials (proportionate). However, it requires using a browser with profile=openclaw, which could expose stored cookies, auth tokens, or identifying headers if that profile is not isolated. The included script performs outbound network requests to public APIs (CoinGecko, alternative.me) — expected, but network access is required.
Persistence & Privilege
ok: Skill does not request always:true or any elevated persistence. It is user-invocable and does not declare system-wide changes or privileged modifications.