Skillv0.1.0

ClawScan security

Crypto Auto Progression · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 5, 2026, 7:47 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions coherently describe setting up and driving recurring cron jobs that can run scripts, modify code, and produce commits/reports, but it asks for none of the credentials or explicit permissions that such actions require and gives the agent broad discretion to change project state — this mismatch is concerning.
Guidance: This skill will set up recurring jobs that can run scripts, modify project code, and create commits/reports. Before installing: 1) Verify and trust the skill source — it has no homepage or author info. 2) Run it first in an isolated/staging workspace (not your production repo). 3) Require least-privilege credentials (read-only where possible) and hold back credentials for Binance or repo write access until you audit the exact commands and cron job contents. 4) Insist that every automated commit/change be reviewed (change diffs, signed commits, or gated merge). 5) Log and alert on all automated actions and provide a quick kill-switch to disable cron jobs. 6) If you need this functionality, ask the author for an explicit list of required env vars/permissions and for the exact cron job payload templates to review before giving write access.

Review Dimensions

Purpose & Capability: noteThe name/description (auto progression for a crypto-hedge-backtest) match the SKILL.md: it instructs creating 5m/30m/daily cron jobs to run scripts, produce files/commits, and report results. That capability set is consistent with the stated purpose. However, the instructions expect the agent to perform code changes, runs, and commits (write access to the project), which is a higher privilege than the skill declares; the skill does not document required credentials or repo access which would normally be needed.
Instruction Scope: concernSKILL.md tells the agent to create cron jobs, run 'cron run --force', inspect 'cron runs' and 'cron list', detect and act on new files/commits/reports, and '跑脚本 / 改代码 / 产出文件' (run scripts / change code / produce files). Those are concrete actions that read and modify project state and may call external services (Binance). The instructions grant broad discretion to modify code and create persistent jobs; they do not limit what files/commands are used or require human review before committing changes.
Install Mechanism: okInstruction-only skill with no install spec and no code files — minimal risk from installation (nothing is downloaded or written by an installer).
Credentials: concernThe skill declares no required env vars or credentials, yet its instructions assume access to the project filesystem/repository and reference pulling data from Binance (network calls and potential API keys). This is a mismatch: tasks like fetching Binance data or pushing commits typically require API keys and repository auth, which are not surfaced or justified.
Persistence & Privilege: notealways:false (normal), but the core behavior is to create and manage recurring cron jobs on the platform (persistent automation). This creates long-lived effects (scheduled runs and potential repeated code changes). The skill does not request explicit confirmation steps or safety limits for those persistent actions.