Skill v1.0.0
ClawScan security
Dune Mcp Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 4:07 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions require a Dune API key and a secret-manager binding, but the package metadata declares no required environment variables or credentials. This mismatch should be reviewed before installing.
- Guidance: This skill appears to be what it says (a uxc-based client for Dune MCP), but there is a clear metadata mismatch: SKILL.md requires a DUNE_API_KEY (and optionally an op:// secret path) while the registry metadata lists no required environment variables or credentials. Before installing, confirm with the publisher how the DUNE_API_KEY should be supplied and stored. If you will supply an API key, prefer your own secret-manager entry rather than an organizational op:// path you do not control. Verify that you trust the 'uxc' binary and the linked 'dune-mcp-cli' (inspect what those commands do on your system). Also note that the repository includes a validate.sh that expects 'rg' (ripgrep) and runs sanity checks; review that script locally if you plan to run it. If the publisher cannot explain why the required env vars and credentials are absent from the metadata, treat this as a red flag and do not grant secrets until it is clarified.
Review Dimensions
- Purpose & Capability
- note: The name/description (Dune MCP via uxc) matches the instructions: discovery, query lifecycle, and visualization using the uxc CLI and the Dune MCP API. However, the skill's runtime docs explicitly require a DUNE_API_KEY and an optional secret-manager binding, while the registry metadata lists no required environment variables or primary credential. This mismatch is unexpected and should be clarified.
- Instruction Scope
- ok: SKILL.md stays within the stated purpose: it documents uxc and uxc-linked dune-mcp-cli commands, help-first probing, the split between read-only discovery and credit-consuming operations, and explicit user confirmation for stateful or credit-consuming operations. It references an op:// secret path for optional secret-manager sourcing, which is an external resource but relevant to authentication; otherwise the instructions do not attempt to read unrelated files or exfiltrate data.
- Install Mechanism
- ok: No install spec (instruction-only), so nothing will be downloaded or written by the platform. This is low risk. The only runtime dependency is a separately installed 'uxc' tool and an optional linked command, 'dune-mcp-cli'.
- Credentials
- concern: SKILL.md requires a Dune API key (it references DUNE_API_KEY and an op://Engineering/dune/api-key secret path), but the skill metadata declares no required env vars or primary credential. Requesting a named secret or a secret-manager path without declaring it is disproportionate and leaves it ambiguous which credentials will be needed or stored.
- Persistence & Privilege
- ok: The skill does not request always:true and does not modify other skills' configs. The included validate.sh enforces local repository checks; it does not persist credentials or alter system-level settings. Autonomous invocation is allowed by default but is not combined with broad, unexplained privileges.
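The mismatch this verdict reports (see Guidance above and the Credentials dimension) can be checked mechanically: scan the skill's instructions for credential-looking environment variables and op:// secret references, then compare them with what the registry metadata declares. The script below is an added example written for this page; it is not ClawHub's scanner and not the skill's own code. The SKILL.md excerpt, the metadata layout and its field names (requires.env, requires.primaryCredential) are constructed assumptions, and the env-var pattern is a suffix heuristic rather than a definitive credential detector.

```python
"""Consistency check between a skill's instructions and its registry metadata.

Added example, not ClawHub's scanner. It flags credentials that SKILL.md
tells the user to supply but that the metadata never declares, which is the
mismatch this verdict reports. The SKILL.md excerpt and the metadata field
names ("requires.env", "requires.primaryCredential") are assumptions
constructed for this example.
"""
import re

# Constructed excerpt modelled on what the verdict says SKILL.md requires.
SKILL_MD = """\
## Setup
Export DUNE_API_KEY before running uxc. Optionally source it from
op://Engineering/dune/api-key through your secret manager.
Run `uxc dune-mcp-cli --help` first; discovery calls are read-only.
"""

# Constructed registry metadata: nothing declared, as on this page.
METADATA = {
    "name": "dune-mcp",
    "version": "1.0.0",
    "requires": {"env": [], "primaryCredential": None},
}

# Env vars that look like credentials (suffix-based heuristic, assumption).
ENV_VAR_RE = re.compile(
    r"\b([A-Z][A-Z0-9_]*(?:_API_KEY|_KEY|_TOKEN|_SECRET|_PASSWORD))\b"
)
# Secret-manager references written in the op://vault/item/field style.
SECRET_REF_RE = re.compile(r"\bop://[\w./-]+")


def referenced_credentials(skill_md):
    """Return (env_vars, secret_refs) that the instructions mention."""
    env_vars = sorted(set(ENV_VAR_RE.findall(skill_md)))
    secret_refs = sorted(set(SECRET_REF_RE.findall(skill_md)))
    return env_vars, secret_refs


def declared_credentials(metadata):
    """Return the set of credentials the metadata declares as required."""
    requires = metadata.get("requires") or {}
    declared = set(requires.get("env") or [])
    primary = requires.get("primaryCredential")
    if primary:
        declared.add(primary)
    return declared


def check(skill_md, metadata):
    """Report credentials the instructions need but the metadata omits.

    Any undeclared env var yields "suspicious"; op:// references are listed
    so the reviewer can confirm whose secret store the path points at.
    """
    env_vars, secret_refs = referenced_credentials(skill_md)
    declared = declared_credentials(metadata)
    undeclared = [v for v in env_vars if v not in declared]
    return {
        "referenced_env": env_vars,
        "declared_env": sorted(declared),
        "undeclared_env": undeclared,
        "secret_refs": secret_refs,
        "verdict": "suspicious" if undeclared else "ok",
    }


if __name__ == "__main__":
    for key, value in check(SKILL_MD, METADATA).items():
        print(f"{key}: {value}")
```

Run against the constructed inputs, the check reports DUNE_API_KEY as referenced but undeclared and lists the op://Engineering/dune/api-key path for manual review; once the metadata declares the variable, the verdict drops to ok while the secret reference is still surfaced, which matches the guidance to use your own secret-manager entry rather than an organizational path.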
