Skill v1.0.3

ClawScan security

gate-info-addresstracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 10:34 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only, read‑only on‑chain address tracker that only calls specific MCP on-chain query tools and asks for no credentials — its requirements and instructions are coherent with its stated purpose.
Guidance
This skill appears coherent and read-only: it calls only specific Gate-Info MCP tools and asks for no credentials. Before installing or enabling it, consider: (1) confirm your runtime has legitimate access to the Gate-Info MCP service it expects (the skill depends on that service being available); (2) decide whether you want the agent to be allowed to auto-upgrade to 'deep' investigations (the skill may perform additional, heavier queries when it detects large balances or risk flags); (3) note that the SKILL.md references shared runtime rules outside the bundle, and review those rules if they are available in your environment. If any of these (MCP access, autonomous deep-tracing, or external runtime rules) is unacceptable, restrict or review the skill before enabling it.

Review Dimensions

Purpose & Capability
ok: Name/description match the declared behavior: the SKILL.md consistently documents address profiling, transaction queries, and fund-flow tracing using Gate-Info MCP tools. The skill declares no required env vars or binaries and only uses read-only MCP tools (info_onchain_get_address_info, info_onchain_get_address_transactions, info_onchain_get_transaction, info_onchain_trace_fund_flow), which is proportionate to an address-tracking skill. Minor note: registry metadata lists an unknown source/homepage while README claims a GitHub repo and Gate.com publisher — this mismatch is informational but does not affect capability coherence.
Instruction Scope
note: Runtime instructions are specific and constrained to the listed MCP tools and to read-only operations, which is appropriate. Two items to be aware of: (1) the skill includes an auto-upgrade path to 'deep' mode (it will trigger additional, heavier queries when balance/labels/risk flags meet thresholds), which can cause extra tool calls without an explicit user confirmation; (2) the SKILL.md instructs the agent to read external shared runtime rules (../gate-runtime-rules.md and ../info-news-runtime-rules.md). Both are explainable by the Gate skill ecosystem but are worth noting because they expand what the agent may consult before acting.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files in the published bundle. This is the lowest-risk install model — nothing is downloaded or written by an install step.
Credentials
ok: The skill declares no environment variables, no credentials, and explicitly states that an API key is not required for standard runtime. It relies on the presence of Gate-Info MCP services but does not request unrelated secrets or system paths.
Persistence & Privilege
ok: always:false and no requests to modify other skills or system-wide settings. The skill can be invoked autonomously by the agent (disable-model-invocation:false), which is the platform default — acceptable here given the limited read-only scope. Local maintenance/update steps are marked repository-only and require user confirmation.