Skillv1.0.0

ClawScan security

BotSpot Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 5:36 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are mostly consistent with a trading assistant, but it claims live deployment to many brokers without declaring how broker credentials or OAuth scopes are handled and the source/registry metadata is sparse — this raises proportionality and operational-risk questions you should resolve before enabling live trading.
Guidance: This skill appears to be a legitimate trading assistant but take these precautions before enabling it with real money: 1) Verify the connector URL (https://mcp.botspot.trade) and the vendor (BotSpot) reputation — the registry metadata is sparse and the source is unknown. 2) Confirm exactly how broker authentication is handled: which OAuth scopes will be requested, which brokers will be authorized, and whether the skill can place live orders, transfer funds, or only submit trade requests. 3) Require explicit, per-deployment user confirmation (do not allow silent/autonomous live deployments). 4) Start in paper/simulated mode first and review backtest outputs carefully; do not accept claimed performance without seeing artifact data. 5) Limit permissions: avoid granting withdrawal/transfer permissions and prefer order-only / trade-execution scopes with strict rate/size limits. 6) Ask the vendor for documentation on security, data retention, and what data is sent to BotSpot's servers. 7) If unsure, keep the skill installed but disable autonomous invocation for deployment actions or only use it for code generation/backtesting until you validate connector behavior. If you want, I can list the specific questions to ask BotSpot about OAuth scopes, broker integrations, and logging before you enable live trading.

Review Dimensions

Purpose & Capability: noteThe skill's name, description, and SKILL.md all describe building, backtesting, and deploying trading strategies which matches the declared connector (mcp.botspot.trade) and listed tool calls. However, it claims live deployment to a long list of brokers yet the registry entry declares no required credentials or primaryEnv. That could be legitimate if the platform uses OAuth connectors managed by the host, but the skill metadata does not explain where broker credentials live or what scopes/permissions are required. Also the registry shows no homepage/source while SKILL.md references https://botspot.trade — mismatch and missing provenance increases risk.
Instruction Scope: okSKILL.md confines the agent to trading tasks (generate_strategy, start_backtest, backtest_status, get_backtest_artifact, query_csv, list_public_bots, deploy). It explicitly warns to show backtest results before live deploy and to check account limits. The instructions do not ask the agent to read arbitrary local files or environment variables and do not direct data to unexpected external endpoints beyond the declared connector URL.
Install Mechanism: okNo install spec or code files are present; this is instruction-only which minimizes filesystem risk. The agent will contact an external MCP endpoint (https://mcp.botspot.trade) — network access to that host is necessary for operation and should be scrutinized, but no arbitrary downloads or archive extraction are specified.
Credentials: noteThe skill requests no environment variables, which is plausible if broker access is handled via the platform's OAuth/connectors. However, deploying live typically requires broker credentials and OAuth scopes (place orders, view account balances, possibly manage positions). The skill does not document what scopes it needs, whether it can execute trades autonomously, or whether it can withdraw/transfer funds — this lack of explicit credential/scope detail is a proportionality concern.
Persistence & Privilege: notealways is false and the skill is user-invocable (default). Autonomous invocation is allowed by platform default; combined with the skill's ability to deploy live trading bots, that increases potential impact if misused. The skill does not declare persistent modifications to agent config, but you should ensure live deployment actions require explicit user confirmation and verify OAuth scopes before allowing autonomous execution.