Skillv1.0.0

ClawScan security

Smart Money Miner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 16, 2026, 12:19 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely does what it says (mines 'smart money' addresses by calling PumpFun/Four Meme/OKX/Binance endpoints), but the package includes a large vendored virtualenv and a prompt-injection style marker (unicode-control-chars) and lacks an install spec — these inconsistencies raise caution before running it.
Guidance: What to consider before installing or running this skill: - Review the code before running. Open scripts/miner.py and grep for subprocess, os.system, eval/exec, open(..., 'r') outside the workspace, or any hidden network destinations. The visible miner.py uses requests and is network-heavy but does not obviously spawn shell commands. - Be cautious about the included virtualenv. The repository bundles a full venv (pip, requests, urllib3, etc.). Do NOT run that venv blindly — instead create a fresh isolated environment (e.g., new Python venv or container) and install only the minimal dependencies (requests) from PyPI. - Run in isolation first. Execute the script in a disposable container or VM, with network monitoring, and start with tiny limits (e.g., --limit 1) so you can observe outbound requests and behaviour. - Check external endpoints and credentials. The code calls OKX 'priapi' endpoints and a Binance narrative endpoint. Confirm whether those endpoints are public and whether they expect API keys; the skill does not request any keys. If you must provide credentials later, only do so with least privilege and after verification. - Inspect SKILL.md for hidden characters. The scan indicated unicode-control-chars — open the file in a hex-capable editor to ensure there are no invisible sections that could affect automated parsers. - Validate outputs. Some values in the bundled smart_money_results.json are implausibly large — this may indicate bugs or lack of input validation. Treat results as investigatory data, not trading advice. - Legal and ethical caution: mining and acting on on-chain trader addresses may have legal or platform policy implications depending on jurisdiction and how you use the results. If you want, I can: - Summarize miner.py and highlight any exact lines that perform network calls, file I/O, or potentially risky operations. - Produce a short checklist of commands to safely run the tool in a containerized environment. Confidence note: Assessment is medium confidence because the core code aligns with the stated purpose, but the included vendored virtualenv and the unicode-control-chars finding are unexplained and increase risk; additional manual code review would raise confidence either way.
Findings: [unicode-control-chars] unexpected: A pre-scan detected unicode control characters in SKILL.md content. This can be used to obfuscate or alter parsing/presentation. It's not required for the skill's purpose and warrants manual inspection of SKILL.md and files for hidden characters or parsing tricks.

Review Dimensions

Purpose & Capability: noteThe SKILL.md, README, CLAUDE.md and scripts/miner.py are coherent: the code fetches tokens and top traders from PumpFun/FourMeme and OKX, analyzes wallet PnL, and writes JSON results — all matching the stated purpose. Minor note: miner.py also calls a Binance AI narrative endpoint for BSC tokens (reasonable for 'BSC extras').
Instruction Scope: noteInstructions tell the agent to run scripts/miner.py which performs network requests to multiple third-party endpoints and reads/writes local JSON files (skip_addresses.json and smart_money_results.json). The runtime instructions do not request unrelated system files or secrets, but they do allow broad network activity (multiple external APIs) which is expected for this task but should be acknowledged.
Install Mechanism: concernThere is no declared install spec, but the repository ships a full Python virtualenv (venv/) with hundreds of vendored packages (pip, requests, urllib3, etc.). Packaging a full venv inside a skill increases risk and the attack surface (hidden or modified third-party code), and there is no documented or signed source for those vendored files. The lack of an explicit, minimal install step (pip install requests) combined with the included venv is disproportionate.
Credentials: okThe skill declares no required environment variables or credentials and the code does not appear to read secrets from env vars. All network calls target PumpFun, Four Meme, OKX, and Binance web endpoints, which is proportionate to the described functionality. (If private OKX endpoints actually require auth, that is not documented here.)
Persistence & Privilege: okSkill flags are default (not always:true) and the skill does not request persistent platform privileges or modify other skills. It writes output and optionally reads a local skip file only in its own directory — no elevated privileges requested.