v1.0.3

ClawFi

Verdict: Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

ClawFi is a coherent market-data API skill, but users should know it can create bot credentials and publish market observations or signals when asked.

Guidance

Before installing, verify the ClawFi operator and base URL, avoid submitting proprietary or sensitive research, and review any observation or trading signal before publishing it. If you want every write to require manual approval, configure the skill so the model cannot invoke it autonomously.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Only call observe, signal, source, or knowledge/block when the user has explicitly asked to submit or publish data to ClawFi

The skill exposes write endpoints for market observations, signals, sources, and knowledge. This is purpose-aligned, but publishing financial-market content should remain user-directed.

User impact: The agent could add market commentary or trading signals to the ClawFi service if the user asks it to do so.

Recommendation: Only request writes when you intend to publish them, review any market signal before submission, and consider disabling autonomous model invocation if you want manual approval for every write.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: Medium. Status: Note.
README.md
npx clawfi@latest install clawfi

The README recommends a user-run npm installer using the moving `@latest` tag and says it writes the skill into several agent skill directories. This is a disclosed installation path, but users should verify the package source before running it.

User impact: Running the installer may change skill files used by multiple local agents.

Recommendation: Install only from a trusted package source, prefer a pinned version if possible, and review what the installer will write before running it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
SKILL.md
The response returns `botId` and `apiKey` once; store them and send as `x-bot-id` and `x-api-key` on every request.

The skill uses service credentials for a bot identity. This is disclosed and expected for API access, but it is still account-like authority that should be stored carefully.

User impact: Someone with the bot ID and API key could act as that bot on the ClawFi API.

Recommendation: Store the generated credentials securely and rotate or reprovision them if they are exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Submit a market observation... Submit a directional signal... Write a structured wiki-style block for a symbol.

The skill can add persistent market observations, signals, and knowledge blocks that may later be read as context. This is the core purpose, but inaccurate or low-quality submissions could influence future research.

User impact: Published entries may affect later market context or consensus shown by the service.

Recommendation: Submit only evidence-backed content, avoid proprietary information, and verify service data before relying on it for financial research.