Skill v1.0.0
ClawScan security
Crypto Signals Daily · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 21, 2026, 6:19 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description promises automated crypto signals but the runtime instructions provide no data sources, APIs, or required credentials and are overly vague—this mismatch could lead the agent to take broad/unexpected actions or rely on hidden integrations.
- Guidance: This skill's description and runtime instructions don't match: it promises automated trading signals but gives no details about where data comes from, what APIs are used, or whether it will execute trades. Before installing or enabling it: (1) ask the publisher for a full runtime plan—list of data sources/endpoints, whether Binance API access (and what scopes) is required, and how Reddit sentiment and Fear & Greed are computed; (2) never provide exchange API keys unless you understand and trust exactly what actions the skill will perform and can limit permissions (read-only vs trading); (3) prefer skills that declare required env vars and endpoints explicitly or provide source code you can audit; (4) if you plan to let the agent act autonomously, require explicit confirmation for any trade execution. Given the unknown source and the incoherent instructions, proceed cautiously or request more detail/source code before use.
Review Dimensions
- Purpose & Capability (concern): The skill claims to generate TA signals across 20 Binance pairs, macro regime, Fear & Greed index, Reddit sentiment, and trade ideas, but there are no declared data sources, API endpoints, or credentials (e.g., Binance API key) and no implementation details. That absence is inconsistent with the stated purpose: producing reliable signals typically requires explicit data feeds and parsing logic.
- Instruction Scope (concern): SKILL.md is extremely minimal and open-ended ('Use crypto-signals-daily to get started') with no concrete steps. This grants the agent broad discretion to fetch data from arbitrary endpoints, call other skills, or access system/network resources to assemble the briefing—actions that are not constrained or documented by the skill.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill package itself, which lowers supply-chain risk.
- Credentials (note): The skill requests no environment variables or credentials. That reduces direct credential-exfiltration risk, but is also unexpected given the Binance and Reddit data it promises; legitimate implementations would usually require API keys or explicit public endpoints. The lack of declared env/config raises an incoherence (either it relies on other unspecified skills/resources or it will fetch data from arbitrary public sources).
- Persistence & Privilege (ok): No 'always: true' or other elevated persistence flags. The skill is user-invocable and allows autonomous invocation (platform default), which is normal, but combined with the vague instructions this increases the importance of knowing what external calls the agent may make.
