Skill v1.0.6

ClawScan security

Kraken Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 14, 2026, 7:56 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required credentials match its stated purpose (managing a Kraken account); nothing in the package appears to be doing unrelated actions, though it requires high-privilege API credentials and will install a PyPI package at runtime.
Guidance
This package appears to do what it says: a CLI that uses the python-kraken-sdk to manage a Kraken account. Before installing and using it, consider the following:
1) Create API keys with the minimum required scopes — if you only need read access (portfolio, ledger, prices), create a read-only key and do NOT grant Withdraw/Create permissions.
2) If you need trading/withdrawal, be aware those scopes allow moving funds; only use them with trusted code.
3) The SKILL.md asks you to run `pip3 install -r requirements.txt`, which will pull python-kraken-sdk from PyPI; review the dependency and prefer installing in an isolated virtualenv/container.
4) Although trading and withdrawals require explicit `--confirm` flags, an autonomous agent with access to the skill and stored API credentials could invoke commands; if you do not want autonomous use, restrict the agent's ability to call this skill or avoid storing secrets in agent config.
5) If you want maximum assurance, manually review the full kraken_cli.py content (the included file is present) and test with a least-privilege API key or a sandbox account before using with real funds.

Review Dimensions

Purpose & Capability
ok
Name/description, required binaries (python3), required env vars (KRAKEN_API_KEY, KRAKEN_API_SECRET), included code (kraken_cli.py) and requirements (python-kraken-sdk) all directly match a CLI for interacting with Kraken (portfolio, market data, trades, ledger, staking, deposits/withdrawals). There are no unrelated credentials or binaries requested.
Instruction Scope
ok
SKILL.md instructs installing requirements and running the provided CLI. The runtime instructions and code only reference Kraken API calls, environment variables for keys, and local CSV/JSON outputs. There are no instructions to read unrelated files, access other system secrets, or send data to third-party endpoints outside of Kraken or PyPI (for package install).
Install Mechanism
note
There is no platform install spec; SKILL.md tells the user to run `pip3 install -r requirements.txt`, which will install python-kraken-sdk from PyPI (python-kraken-sdk==3.2.7 is pinned). This is expected for a Python CLI but is a moderate-risk install operation because it pulls code from a public registry. The packaged code itself is included (kraken_cli.py), so no arbitrary remote downloads beyond PyPI are required.
Credentials
note
The skill requires KRAKEN_API_KEY and KRAKEN_API_SECRET — these are exactly the credentials needed to perform authenticated account actions (orders, staking, withdrawals). That is proportionate to the claimed features, but these credentials are high-privilege (withdraw and create/modify orders). The SKILL.md and code rely on those credentials only and do not request unrelated secrets.
Persistence & Privilege
ok
The skill does not request always:true or any special platform privileges. It doesn't modify other skills or system configuration. Note: model invocation is enabled by default (disable-model-invocation: false), so the agent could call this skill autonomously if the platform allows; combined with high-privilege API keys this increases risk in practice (see guidance).