Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dynamix
v1.0.0Operate the Dynamix Solana trading dashboard, purchase access, sign in, manage wallets, configure automated trading strategies, monitor live trades, and mana...
⭐ 0· 29·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (Dynamix Solana trading dashboard) matches the SKILL.md content: purchase flow, sign-in, wallet and bot management, and dashboard operation. There are no unrelated binaries, env vars, or installs requested that would be inconsistent with a user guide for a web trading platform.
Instruction Scope
The instructions are limited to web UI actions (purchase, sign in, configure bots, view trades). However the guide necessarily covers handling API keys, payment deposit addresses, and wallet connections—sensitive operations. I did not see instructions to read local system files or environment variables, but the skill could instruct a user to paste API keys or wallet data into the agent or UI; that is expected for this purpose but is high-risk and should be treated cautiously.
Install Mechanism
No install spec, no code files, no downloads — instruction-only. This is the lowest-risk install profile and matches the declared metadata.
Credentials
The skill declares no environment variables, credentials, or config paths. That is proportionate for a user-facing walkthrough. The SKILL.md references API keys delivered by email and on-site wallet interactions (expected), but it does not request system-level secrets or cloud credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent agent presence or modify other skills. Autonomous invocation is permitted (platform default) but not unusual here; consider the normal risks of allowing any skill to act autonomously when it can perform high-value actions.
Assessment
This skill is a how-to guide for a trading website and appears coherent, but it instructs about payments, API keys, and wallet connections — actions that directly affect funds and secrets. Before using the skill, do the following: (1) Do not paste your wallet seed phrase or private keys into chat or any third-party form. (2) Prefer using a wallet extension or hardware wallet to sign transactions — avoid copy-pasting private keys. (3) Verify the website URL and TLS certificate (https://dynamix.gg) and confirm any deposit addresses shown on the site before sending SOL; attackers can spoof addresses. (4) Be cautious with any instruction that asks the agent to hold, transmit, or store API keys or to perform on-chain transactions autonomously — perform payments and approvals manually if you are unsure. (5) Review the full SKILL.md yourself for any steps that ask for secrets or ask the agent to perform signing actions; if you find instructions to provide private keys or seed phrases to the agent, do not proceed. (6) Consider limiting this skill to read-only guidance and avoid granting it permission to act autonomously on your behalf for financial operations.Like a lobster shell, security has layers — review code before you run it.
latestvk97e00b0vp6hhawsqc89da67c1841bvd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
⚡ Clawdis
OSmacOS · Linux · Windows