Back to skill
Skillv2.0.2
ClawScan security
AISP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 13, 2026, 5:53 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with its stated purpose (renting/listing DIEM/Venice inference keys); it requests only a BACKEND_URL and has no install or hidden code, but you should verify the backend's provenance before use and ensure the agent won't autonomously sign or send funds.
- Guidance
- This skill appears coherent for interacting with a DIEM/Venice marketplace, but before installing: - Verify the BACKEND_URL points to a trusted backend you control or recognize; that URL controls key retrieval and rental flows. - Never place private keys or raw wallet secrets into the skill or agent environment; use an external signer or hardware wallet as the SKILL.md recommends. - Ensure the agent will prompt you for explicit approval before performing any on-chain fund() or settle() transactions (or run the skill with model invocation disabled until you confirm behavior). - If possible, test read-only calls (GET /api/listings) first to confirm endpoint behavior before performing payments or key retrieval. - Treat API keys retrieved from the backend as sensitive and ensure they are scoped/revocable as recommended.
Review Dimensions
- Purpose & Capability
- okThe skill's name/description (renting/listing DIEM/Venice API capacity) aligns with its declared requirement (BACKEND_URL) and with the API endpoints and SDK usage described in SKILL.md. There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope
- noteSKILL.md is instruction-only and outlines expected operations: listing discovery (GET /api/listings), on-chain funding (contract.fund), signed backend calls to retrieve keys, and storing keys as a provider. This stays within the stated purpose, but includes high-impact actions (on-chain fund/settle) and signing messages — the doc explicitly advises external signers and user confirmation before transfers, which is appropriate and necessary.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only). This minimizes risk from arbitrary downloads or installs.
- Credentials
- noteOnly BACKEND_URL is required, which is proportional for a backend-driven marketplace. However, the BACKEND_URL determines the remote service the skill will call — verify its provenance and trustworthiness before setting it, since a malicious backend could attempt to trick an agent into unsafe actions.
- Persistence & Privilege
- okalways:false and no special persistence or system-wide configuration changes requested. The skill allows autonomous invocation by default (platform normal), but SKILL.md recommends requiring explicit user confirmation for fund transfers.