Skill v0.2.7
ClawScan security
Byreal Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 7:18 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only wrapper that expects the byreal-cli npm package and its runtime usage matches the declared purpose.
- Guidance: This skill is coherent for a CLI-based Byreal analytics tool, but treat npm packages with standard caution: verify the @byreal-io/byreal-cli package and its GitHub repo (look at package.json and any install scripts), prefer installing in a sandbox/container if you don't trust the package, and never paste private keys into chat (follow byreal-cli setup for wallet writes). If you need stronger assurances, inspect the package code on GitHub or install locally rather than globally and review postinstall actions before granting it system-level permissions.
Review Dimensions
- Purpose & Capability: ok. Name/description (Byreal DEX analytics) align with requirements: the skill requires the byreal-cli binary and installs @byreal-io/byreal-cli via npm, which is proportional to the stated CLI purpose.
- Instruction Scope: ok. SKILL.md only instructs the agent to discover and run byreal-cli commands, check/version/install the CLI, and follow safe handling rules for private keys; it does not request unrelated system files, extra environment variables, or exfiltration.
- Install Mechanism: note. Install uses an npm package (@byreal-io/byreal-cli). This is expected for a Node CLI but carries the usual npm-install risks (postinstall scripts, arbitrary code run at install time). Package source is a GitHub repo which helps reviewability.
- Credentials: ok. No environment variables, credentials, or config paths are requested by the skill; instructions explicitly discourage pasting private keys into chat and direct users to the CLI's interactive setup for wallet writes.
- Persistence & Privilege: ok. Skill does not request always:true or elevated persistence. It is user-invocable and can be run autonomously per platform defaults, which is expected for a CLI integration.
