Skill v2.0.0
ClawScan security
Meme Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 6:42 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely does what it says (uses GMGN APIs and a Chrome CDP connection) but contains unexplained leftovers (an embedded Ave.ai API key in v1), undeclared runtime requirements (a remote Chrome/CDP instance), and minor inconsistencies that warrant caution before installing.
- Guidance: This skill appears to implement the advertised GMGN-based scanner, but contains an older v1 script that still includes a hard-coded Ave.ai API key and calls Ave.ai endpoints — despite SKILL.md claiming Ave.ai was removed. Before installing: 1) Ask the publisher why the v1 file and embedded AVE_API_KEY are present; remove or sanitize any embedded keys. 2) Only run this skill in an isolated environment (or sandbox/VM) because it asks you to start Chrome with remote debugging (ws://localhost:9222), which can expose your browser to remote commands. 3) Review and, if appropriate, delete the v1 script (or confirm its intended use). 4) Ensure required Python deps (websockets, aiohttp) are installed intentionally and verify the scripts' network targets (gmgn.ai and, if v1 remains, ave-api.com). 5) If you don't trust the source or cannot confirm the Ave.ai key is expendable, do not install or run it. If you want higher confidence, request a clean release that only includes the v2 script, documents the Chrome/CDP requirement in metadata, and does not contain embedded secrets.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be 'fully using GMGN official API' (v2), and the v2 script does call GMGN endpoints via CDP, which is coherent. However, the package contains an older v1 script that still calls Ave.ai and includes a hard-coded AVE_API_KEY constant. The registry metadata declares no required env vars or binaries, but the runtime actually requires a Chrome instance with remote debugging/extension (CDP). These mismatches (leftover Ave.ai usage and undeclared Chrome CDP requirement) are inconsistent with the stated purpose.
- Instruction Scope (concern): SKILL.md instructs the agent/user to start Chrome with remote debugging on port 9222 and connect OpenClaw to it (CDP) to bypass Cloudflare. The scripts then use the CDP to execute fetch() in the browser context. Requiring the user to run a remote browser and enabling CDP is a material runtime requirement that is not represented in metadata. The SKILL.md also references another skill's documentation (Token Analyzer) for setup, creating external dependencies and scope creep.
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes automated installation risk. However, the package does include two Python scripts that will be executed by the user/agent and require Python packages (websockets, aiohttp). SKILL.md mentions websockets, but there is no explicit dependency installation step. The absence of an install step plus embedded scripts means a user/agent could run code without an explicit, auditable install process.
- Credentials (concern): Registry metadata declares no required environment variables, yet the v1 script contains a hard-coded AVE_API_KEY and AVE_API_BASE. Embedding a third-party API key in the repository is unexpected and unnecessary for the v2 'GMGN-only' claim — this is an unexplained credential leak/leftover. The scripts also write to /root/.openclaw/workspace/scanned_tokens.json (workspace file); that file access is reasonable for scan state but is a persistent local artifact to be aware of.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or system settings. It reads and writes a single workspace file for scanned token state, which is proportional for its functionality. Agent autonomy (disable-model-invocation=false) is the platform default and not flagged here.
