Skill v2.0.0
ClawScan security
Astranova · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 27, 2026, 8:40 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The SKILL.md expects the agent to read/write an API key and wallet files and to perform networked onboarding/trading actions, but the registry metadata omits those credential/config requirements — this mismatch and the on-disk credential handling warrant caution.
- Guidance: This skill's instructions expect and create sensitive credentials and wallet keys, but the registry metadata doesn't declare those requirements — treat that as a red flag. Before installing, verify the service and publisher (official repo, signatures, or known organization), confirm that agents.astranova.live is the legitimate API host, and ask for an explicit metadata update that declares the credential and config-path requirements. If you try it, use a dedicated, isolated account and a throwaway API key and do not fund any real wallet until you verify behavior. Consider asking the author for source code or an auditable client, and be cautious about the 'verify on X / post to board' steps that may leak identity. If you cannot verify provenance, avoid granting persistent credentials or performing on-chain operations.
Review Dimensions
- Purpose & Capability (concern): The skill's description (router into topic modules) matches the included module docs, but the registry metadata declares no required config paths or credentials while SKILL.md explicitly references ~/.config/astranova/agents/<agent-name>/credentials.json, an active_agent file, and an 'astranova_api_key'. The omission of those required config/credential declarations is incoherent and hides important capabilities from the registry-level view.
- Instruction Scope (concern): Runtime instructions tell the agent to fetch remote module docs, register, save credentials to disk, generate a Solana keypair, fund and register a wallet, co-sign transactions, and post/verify on X. These are networked and stateful actions that access the user's home configuration and perform financial operations; while they align with an agent that participates in a market, they go beyond a passive 'read-only' skill and require explicit user consent and clear metadata.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing will be written to disk by an installer. This is a lower install risk, but runtime instructions do direct the agent to create and save files.
- Credentials (concern): Registry metadata lists no required env vars or primary credential, yet SKILL.md defines an 'astranova_api_key' and explicit file storage locations. The skill will read/write sensitive credentials on disk despite declaring none. Requesting to generate/fund a Solana keypair and to manage on-chain claims also implies access to funds and private keys, which is a significant privilege that isn't surfaced in the metadata.
- Persistence & Privilege (note): The skill does not request always:true and does not modify other skills. However, it instructs the agent to persist an API key and a wallet keypair under ~/.config/astranova — persistent secrets on-disk increase blast radius if compromised. Autonomous invocation is allowed by default; combined with hidden credential usage this raises additional risk.
