Back to skill
Skillv1.0.0
ClawScan security
Raydium · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 10, 2026, 7:14 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Raydium pool-audit skill whose declared purpose, runtime instructions, and resource needs are internally consistent and do not request unrelated credentials or installs.
- Guidance
- This skill is instruction-only and appears coherent with its stated purpose. Before installing or using it: (1) do not provide private keys, wallet phrases, or credentials — the skill does not need them; (2) understand it performs an off-chain, heuristic assessment based on inputs you give (it will not verify on-chain state unless you supply that data); (3) treat its recommendations as advisory, not a substitute for smart-contract audits or operational checks; and (4) if the assistant ever asks for access to wallets, node RPC credentials, or other secrets, stop and refuse — those requests would be out of scope and suspicious.
Review Dimensions
- Purpose & Capability
- okThe name/description advertise a pre-LP audit for Raydium pools and the skill is instruction-only with no binaries, installs, or environment variables required; these requirements align with a purely analytical helper that relies on user-supplied data rather than performing on-chain operations.
- Instruction Scope
- okSKILL.md confines the agent to parsing user-provided pool details, assessing depth/concentration/fragility, and returning recommendations. It explicitly forbids executing trades, wallet/contract interactions, or fabricating precision. The instructions do not ask the agent to read system files, environment variables, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). No downloads, packages, or archive extraction are requested, so nothing will be written to disk or executed beyond the agent following the prose instructions.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There are no surprising or unrelated secret requests that would be disproportionate to a pool-audit assistant.
- Persistence & Privilege
- okFlags indicate default behavior (always: false, user-invocable: true, model invocation allowed) and the skill does not request permanent presence or changes to other skills or system-wide settings.