Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GoldRush MCP Skill
v1.0.0
Use GoldRush MCP through UXC for multichain wallet balances, transfers, portfolio history, NFT ownership, token approvals, prices, and chain metadata via std...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill name and description (GoldRush MCP multichain wallet/NFT/portfolio tooling) match the SKILL.md instructions. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while SKILL.md repeatedly requires a GOLDRUSH_API_KEY, uxc, and npx. That metadata mismatch is an incoherence — the skill legitimately needs an API key for the stated purpose, but the manifest does not declare it.
Instruction Scope
SKILL.md stays within the stated purpose: it tells the agent to run the GoldRush MCP stdio server via `npx`, to set up uxc credentials, and to prefer help-first/read-only calls. It does instruct the agent to inject a secret (GOLDRUSH_API_KEY) into the subprocess and suggests a secret-manager path (op://Engineering/goldrush/api-key). The instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data, but they do direct the agent to execute third-party code and to persist a credential in the uxc credential store.
Install Mechanism
There is no install spec (instruction-only). The runtime pattern uses `npx -y @covalenthq/goldrush-mcp-server@latest`, which downloads and executes code from the npm registry at runtime. This is coherent for running the described MCP server, but it carries moderate risk because it executes third-party package code dynamically and uses the `latest` tag rather than a pinned version.
Credentials
The only secret the skill needs for its operations is GOLDRUSH_API_KEY, which is proportionate to the described functionality. However, the skill metadata omits this required env var/primary credential, creating an incoherence. SKILL.md also references storing the secret at a secret-manager path (op://Engineering/goldrush/api-key) — that reference to an external secret path may be unexpected to some users and should be clearly justified in the metadata.
Persistence & Privilege
`always: false` (no forced inclusion); model invocation is permitted (platform default). The instructions recommend creating a persistent uxc credential entry and a uxc link for `goldrush-mcp-cli`, which is normal for tooling reuse. This is reasonable, but it means the secret will be stored in the uxc credential store and the link will persist for later automated use, so users should be aware of that persistence.
What to consider before installing
This skill appears to do what it says (run GoldRush MCP via uxc and npx), but there are two practical concerns you should consider before installing:

(1) Metadata mismatch. The skill actually requires a GOLDRUSH_API_KEY and runtime access to npx, uxc, and the network, yet the published metadata shows no required env var or credential. Verify this, supply only a scoped GoldRush key, and confirm the registry metadata is corrected.

(2) Runtime execution of third-party code. The skill runs `npx @covalenthq/goldrush-mcp-server@latest`, which downloads and executes a published npm package on each run. Confirm the package source (owner/project) is trusted, prefer a pinned version instead of @latest, and consider running the initial fetch in an isolated environment (or auditing the package) before granting it access to your secrets.

Additional checks that would increase my confidence: an explicit required-env/primary credential declared in the registry, a pinned package version or checksum, and a known/official upstream for @covalenthq/goldrush-mcp-server. If you do install, ensure the uxc credential store and the secret-manager path are appropriate for your environment and that the API key's permissions are limited to what you need.
