Back to skill
Skillv1.0.1
ClawScan security
gate-info-coincompare · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 6, 2026, 2:41 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This instruction-only skill is internally consistent with its stated purpose (multi-coin comparison), requires no credentials or installs, and confines actions to documented read-only MCP tools.
- Guidance
- This skill appears coherent and low-risk: it only aggregates publicly accessible market and coin data via documented MCP tools and asks for no secrets. Before enabling, ensure the Gate Info MCP server you point it at is trustworthy (installation may involve network access to your environment). Also note the skill is read-only and will not install code, but verify any actual MCP endpoints and their governance if you operate sensitive infrastructure.
Review Dimensions
- Purpose & Capability
- okName/description ask for coin comparisons and the skill only requests market snapshot, coin info, rankings, and optional technical analysis — all directly relevant and proportional.
- Instruction Scope
- okSKILL.md limits runtime actions to the listed MCP read-only tools and bundled runtime rules; it does not instruct reading arbitrary files, accessing unrelated env vars, or sending data to external endpoints.
- Install Mechanism
- okNo install spec or third-party downloads are present; the only requirement is that a Gate Info MCP server be available (the skill is instruction-only and writes nothing to disk).
- Credentials
- okThe skill declares no required env vars, credentials, or config paths. The read-only MCP access matches the described functionality and does not request unrelated secrets.
- Persistence & Privilege
- okalways:false (default) and the skill does not request persistent presence or modify other skills/config; autonomous invocation is allowed by platform default but is not elevated here.