Skill v1.0.0
ClawScan security
Binance Spot WebSocket Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 3:11 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent for subscribing to Binance public WebSocket market streams; it is instruction-only, read-only, and does not request credentials, but there are small metadata mismatches you should verify before installing.
- Guidance: This skill appears to do what it says: it runs public Binance Spot WebSocket subscriptions via the `uxc` CLI and writes event NDJSON to a sink file. Before installing, verify you trust the `uxc` binary that will run (confirm its origin/version), ensure you want the skill to write to $HOME/.uxc/subscriptions (check permissions and available disk space), and note that the included validate script expects `rg` (ripgrep) during validation/publishing even though the registry metadata doesn't list required binaries. No API keys or secrets are requested. If you plan to allow autonomous agent invocation, remember the agent could start/stop uxc jobs—ensure that runtime behavior is acceptable for your environment.
Review Dimensions
- Purpose & Capability (note): The SKILL.md clearly documents subscribing to Binance public Spot WebSocket streams via the `uxc` CLI, which matches the skill name and description. However, the registry metadata lists no required binaries while the SKILL.md explicitly requires `uxc` in PATH (and the included validate.sh requires `rg`). That mismatch is a packaging/metadata inconsistency but not hostile.
- Instruction Scope (ok): Instructions are narrowly scoped to starting/stopping `uxc subscribe` jobs, inspecting NDJSON sink files under $HOME, and handling combined/raw stream envelopes. The skill explicitly states it is read-only and excludes private/signed APIs. It does reference writing to the user's home (~/.uxc/subscriptions) which is expected for a sink.
- Install Mechanism (ok): No install spec is provided (instruction-only), so nothing will be written or fetched by the skill itself. This is the lowest-risk install model.
- Credentials (note): The skill requests no environment variables or credentials, which is appropriate. One caveat: the runtime uses $HOME and a writable sink path, and the included validation script requires the `rg` binary — these runtime/tool dependencies are not declared in registry metadata and should be verified by the user.
- Persistence & Privilege (ok): The skill is not marked always:true and is user-invocable. It does not request persistent privileges or modify other skills' configuration. Autonomous invocation is allowed (platform default) but the skill's behavior is narrowly scoped.
