Skill v1.2.9
ClawScan security
GMGN Skill Track · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 8:49 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are coherent with a GMGN-tracking purpose, but the registry metadata omits the credentials and install step the instructions require, and the runtime instructions ask for sensitive keys and system-level network checks. Those mismatches between what is declared and what is actually needed warrant caution.
- Guidance: Before installing or using this skill: (1) Do not trust the registry metadata here. SKILL.md requires GMGN_API_KEY, GMGN_PRIVATE_KEY and the gmgn-cli npm package even though the metadata lists none of them; ask the publisher to correct the metadata. (2) Treat GMGN_PRIVATE_KEY as highly sensitive: prefer an API token with limited scope if the service offers one, and avoid placing private keys in plaintext home-config files (if you must, keep the file owner-readable only). (3) Verify the origin and source code of the gmgn-cli npm package: the npm page, repository, maintainer, recent publish history, downloads, and whether the package declares preinstall/install/postinstall scripts that execute code during installation. Consider running it in a sandbox or container, or reviewing its code, before installing it globally. (4) Be aware that the skill asks you to run system network commands (ifconfig/ip) and an external IP check; those are troubleshooting steps, but they reveal local network information, and the external check sends your public address to a third party. (5) If you must use the follow-wallet features, minimize blast radius by creating limited-scope credentials and by not sharing unrelated credentials with the same environment. (6) Ask the skill author to add explicit install metadata and to declare the required env vars and config paths, so you can make an informed decision.
Review Dimensions
- Purpose & Capability (concern): SKILL.md clearly requires gmgn-cli, user credentials (GMGN_API_KEY, plus GMGN_PRIVATE_KEY for follow-wallet) and a config path (~/.config/gmgn/.env). The registry metadata lists no required env vars, no primary credential and no install spec. Declaring 'none' while the documented instructions require credentials and an install step is incoherent: the skill legitimately needs those credentials for its functionality, but the metadata does not disclose them, so a user relying on the registry entry alone cannot see what they are granting.
- Instruction Scope (concern): Runtime instructions direct the agent to run gmgn-cli for all queries (appropriate), but also to read the user's GMGN config file and, to debug IPv6, to run system network commands (ifconfig/ip addr) and an external IP test (https://ipv6.icanhazip.com). Reading the GMGN config and private key is necessary for follow-wallet functionality, but those file and env accesses are not declared in the metadata. Forbidding webfetch/curl for GMGN data while using an external endpoint for the IPv6 test is odd but explainable as a connectivity check; note that such a check discloses the host's public IPv6 address to that third-party service.
- Install Mechanism (note): There is no install spec in the registry entry, but SKILL.md instructs users to run `npm install -g gmgn-cli` if gmgn-cli is missing. Installing a third-party npm package globally is a moderate-risk action: npm runs any preinstall, install or postinstall scripts the package declares, so installation itself can execute arbitrary code. This is plausible for a CLI-based skill, but it would be safer and clearer if the registry install spec declared the package and its source (npm package page, homepage, repository).
- Credentials (concern): According to SKILL.md the skill requires GMGN_API_KEY and, for follow-wallet, a GMGN_PRIVATE_KEY, both stored in ~/.config/gmgn/.env; both are sensitive. These credentials are proportionate to the stated, user-specific follow-wallet capability, but the registry metadata lists no required env vars or primary credential, which is a notable omission. Requiring a private key raises the sensitivity considerably; the skill should document why both an API key and a private key are needed, and how each is stored and used.
- Persistence & Privilege (ok): The skill is instruction-only, has no install spec, does not request 'always: true', and does not declare the ability to modify other skills or system-wide settings. Autonomous invocation is allowed (the default) but is not combined with other high-risk factors here.
