Skill v1.1.1

ClawScan security

Taco Connector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 10:37 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill and included CLI code are internally consistent with a Taco trading API client: it stores a local config, uses Python/requests to call api.taco.trade for market data and trading, and does not request unrelated credentials or install external code.
Guidance
This skill appears to be a straightforward CLI client for the Taco trading API, but consider these before installing:
- Source/ownership: the package homepage and source are missing and the owner id is unknown. If you do not trust the origin, review the full taco_client.py (including any truncated portions like the 'init' command) before running.
- Sensitive data on disk: the API key (api_token), user_id, and trader_ids are stored in plaintext at ~/.openclaw/workspace/taco/config.json. Ensure file permissions restrict access (chmod 600) and avoid reusing high-privilege keys.
- Network exposure: the script will transmit your api_token to https://api.taco.trade for authenticated operations. Only use an API key with limited scopes and with exchanges/accounts you trust.
- Redundancy & review: the token is included both in the Authorization header and in request bodies; this is odd but documented in the references. Inspect the code to confirm there are no other external endpoints or logging of secrets.
- Operational safety: if you plan to use open/close position commands, test with a demo account or very small notional amounts first and ensure the trader_ids configured are correct.
If you are comfortable with these risks and verify the code, the skill is coherent with its stated purpose. If you cannot verify the source, proceed with caution or avoid installing.

Review Dimensions

Purpose & Capability
ok: Name/description match the code and SKILL.md: the script implements kline retrieval, account/position queries, open/close position endpoints, and local indicator calculations. The required data (user_id, api_token, trader_ids) are appropriate for a trading API client; no unrelated services or credentials are requested.
Instruction Scope
ok: Instructions restrict actions to detecting Python, installing the requests package if missing, reading/writing the skill-specific config at ~/.openclaw/workspace/taco/config.json, and running the included Python CLI. The SKILL.md does not ask the agent to read unrelated system files or exfiltrate data to third-party endpoints beyond api.taco.trade.
Install Mechanism
ok: There is no install spec (instruction-only) and the code is included in the skill bundle. The only runtime dependency is the well-known 'requests' Python package, which the instructions install via pip if absent. No downloads from arbitrary URLs or archive extraction are present.
Credentials
note: No environment variables are requested. The skill persists sensitive credentials (api_token, user_id, trader_ids) in a local JSON config under the user's home directory; this is proportionate for a trading client but has privacy/security implications (see guidance). The client sends the api_token as a Bearer header and also includes it in POST bodies per the API docs; this is redundant but consistent with the included references.
Persistence & Privilege
ok: always is false and the skill does not request elevated or system-wide privileges. It writes only to its own config path (~/.openclaw/workspace/taco/config.json), which is within the skill's scope.