Skillv3.0.4

ClawScan security

Goldrush Foundational Api · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 8, 2026, 4:43 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only API reference for a blockchain data service and mostly matches its stated purpose, but there are multiple inconsistencies (brand/URL/package mixing, missing declared API-key usage, and a regex-detected prompt-injection pattern) that warrant caution before installing.
Guidance: This skill is documentation-only for a blockchain data API and largely fits that purpose, but review these points before installing: (1) Verify the provider: the docs mix 'GoldRush' and 'Covalent' assets (api.covalenthq.com and @covalenthq/client-sdk vs goldrush.dev). Confirm which service you actually intend to use and that endpoints/SDKs point to the genuine provider. (2) API key handling: the docs expect a Bearer API key but the skill doesn't declare or store any env var — decide how you'll supply the key (platform secret/env var) and avoid pasting secrets into chat messages. (3) Prompt-injection signal: the static scanner flagged a potential 'system-prompt-override' pattern; inspect the full SKILL.md (including truncated sections) for any text that tells the agent to ignore system instructions or to execute arbitrary instructions not related to API calls. (4) Because this is instruction-only, it cannot run code on disk, but if you plan to allow the agent to call external APIs autonomously, restrict what credentials and scopes the agent can use and monitor requests. If you need higher assurance, ask the skill author for the canonical homepage, repository, or publisher identity and confirm the intended API base URL and SDK package.
Findings: [system-prompt-override] unexpected: A regex-based scanner flagged 'system-prompt-override' in SKILL.md. The visible documentation is an LLM integration guide and API reference and does not obviously contain explicit system-prompt override instructions in the shown text, but the flagged pattern warrants a careful manual review of the omitted/truncated parts for any prompt-injection attempts.

Review Dimensions

Purpose & Capability: concernThe skill claims to be the 'GoldRush Foundational API' and documents GoldRush-specific endpoints, but the docs repeatedly reference Covalent assets (e.g., npm package @covalenthq/client-sdk and base URL api.covalenthq.com) and also point to goldrush.dev for signup; this brand/URL/package mixing is an incoherence that could be copy/paste error or deliberate misdirection. Otherwise the included reference files and endpoint lists align with the stated purpose (blockchain data).
Instruction Scope: noteSKILL.md and the reference files are documentation and LLM guidance for making REST/SDK calls; they do not instruct the agent to read local files, access unrelated env vars, or exfiltrate data. However, a regex-based pre-scan detected a 'system-prompt-override' pattern in the SKILL.md content; I did not find an explicit instruction like 'ignore system prompts' in the visible excerpts, but the scanner signal suggests a reviewer should check the full text for any hidden or subtle prompt-injection content in the omitted/truncated sections.
Install Mechanism: okThere is no install spec and no code files to execute — this is instruction-only documentation. That is the lowest-risk install posture.
Credentials: noteThe documentation expects an API key for calls (mentions Authorization: Bearer YOUR_API_KEY and prefixes like cqt_/ckey_), but the skill does not declare any required env vars or a primary credential. That mismatch is not necessarily malicious but is a practical gap: the agent or integrator must supply the API key elsewhere. Also, the docs mention sign-up and pricing tiers; there are no unrelated secrets or credentials requested.
Persistence & Privilege: okThe skill has no elevated privileges: always is false, autonomous invocation is allowed (the platform default), and there is no install-time behavior or requests to modify other skills or system settings.