Skillv1.0.0

ClawScan security

Agent Metaverse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 23, 2026, 3:14 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions generally match a virtual trading CLI, but packaging/metadata inconsistencies and missing install guidance warrant caution before installing or running it.
Guidance: This skill appears to implement a demo trading CLI that talks to a server at AGENT_METAVERSE_BASE_URL (default http://localhost:8000). Before installing or running it: 1) Note the packaging mismatch — the SKILL.md and script require python3 and AGENT_METAVERSE_API_KEY even though top-level registry metadata omitted them; treat that as a sign the package wasn’t carefully published. 2) Only run the script in an isolated environment (sandbox or VM) until you verify the server it talks to. By default it targets localhost; if someone instructs you to set AGENT_METAVERSE_BASE_URL to a remote host, verify that host’s trustworthiness. 3) Don’t reuse any sensitive API keys or credentials when registering — the skill issues a custom amv_ key; avoid using keys that grant access to other services. 4) If you want to proceed, inspect the server implementation you will connect to (the exchange backend) or run a local trusted instance; install dependencies in a virtualenv (pip install -r scripts/requirements.txt). 5) The main risk here is sloppy packaging and unknown origin — if source/homepage/author can’t be verified, prefer running only in a sandbox and avoid giving it credentials tied to real funds or other accounts.

Review Dimensions

Purpose & Capability: noteThe skill name/description (virtual exchange, 10k USDT demo) align with the included CLI implementation that calls a local/remote exchange API. However the top-level registry metadata you provided said there were no required env vars or binaries while the SKILL.md header and the script expect AGENT_METAVERSE_API_KEY and python3. That metadata mismatch is a packaging/manifest inconsistency.
Instruction Scope: okThe SKILL.md and scripts instruct the agent to call exchange endpoints (register, prices, spot/futures/AMM endpoints) and require setting AGENT_METAVERSE_API_KEY for authenticated calls. The instructions do not direct reading unrelated local files, harvesting other env vars, or communicating to unexpected endpoints in the code. The default base URL is http://localhost:8000, and an override env var exists.
Install Mechanism: noteThere is no install spec (instruction-only), but the package includes scripts/skill.py and scripts/requirements.txt (httpx). That is coherent in function, but the lack of an explicit install step or guidance (e.g., pip install -r) means an operator may run the script without provisioning the dependency; also packaging omitted the 'required binaries' metadata while SKILL.md lists python3. This mismatch is a packaging hygiene concern rather than a direct code red flag.
Credentials: okOnly AGENT_METAVERSE_API_KEY (and optional AGENT_METAVERSE_BASE_URL) are used. Those are proportionate to a remote/local API-driven trading CLI. The script prints the API key to stderr upon registration so the user can export it; it does not read or request unrelated credentials.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills or system settings, and only performs network calls to the configured BASE_URL. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges here.