Skill v1.0.0
ClawScan security
Kraken OpenAPI Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 16, 2026, 12:52 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly coherent for read-only Kraken public data, but shipping an additional OpenAPI file that includes private/account endpoints (and linking to a remote raw GitHub schema at runtime) is an unexplained inconsistency you should review before installing.
- Guidance: Plain-language next steps and risks to consider before installing:
  - The skill itself is a read-only Kraken public-market helper and its runtime instructions are narrowly scoped to public endpoints. That is coherent with its description.
  - However, the package also includes a second OpenAPI file (references/kraken-spot-futures.openapi.json) that documents private/account endpoints (balances, add/cancel order). The SKILL.md instructs you to avoid private endpoints, so the presence of that file is unexplained. Inspect it and ask the publisher why it is included before trusting the skill.
  - The skill relies on uxc and a schema fetched from raw.githubusercontent.com at runtime. Make sure you trust the uxc implementation and that the schema URL is the canonical one you expect; a malicious or tampered schema could cause unintended API calls.
  - There are no environment variables or credentials requested by this skill now, so it will not ask for your API keys. If you later enable private functionality, require a well-reviewed Kraken signer flow and explicitly scoped credentials.
  - If you are not familiar with uxc or do not trust the skill author, review the files locally (especially the spot/futures schema and scripts/validate.sh) and confirm the linked schema URL before enabling automatic invocation. If you want higher assurance, ask the skill publisher why the private OpenAPI file is included and request its removal (or justification) before use.
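The two checks the guidance asks for (inspect the bundled spot/futures schema for private endpoints, and confirm the runtime schema URL) can be scripted rather than eyeballed. The block below is an added example written for this review; it is not ClawHub's, uxc's, or the skill's own code. It assumes an OpenAPI 3.x JSON document, treats any path with a /private/ segment or a non-empty `security` requirement as credential-bearing (the /0/public/* vs /0/private/* split the review mentions), and classifies a raw.githubusercontent.com URL as pinned only when its ref is a full commit SHA. The sample spec, the owner/repo names and the URL are constructed for illustration and are not the real skill's.

```python
"""Offline audit helpers for a bundled OpenAPI file and a runtime schema URL.

Added example for this review; not ClawHub's, uxc's, or the skill's own code.
Assumes an OpenAPI 3.x JSON document. The sample spec below is constructed
for illustration and is not Kraken's real schema.
"""
import hashlib
import json
import re
from urllib.parse import urlparse

# Constructed stand-in for references/kraken-spot-futures.openapi.json. The
# path shapes follow the /0/public/* and /0/private/* split the review
# mentions, but the operations themselves are illustrative.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {
        "securitySchemes": {
            "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "API-Key"}
        }
    },
    "paths": {
        "/0/public/Ticker": {"get": {"operationId": "getTicker"}},
        "/0/public/OHLC": {"get": {"operationId": "getOHLC"}},
        "/0/private/Balance": {
            "post": {"operationId": "getBalance", "security": [{"ApiKeyAuth": []}]}
        },
        "/0/private/AddOrder": {
            "post": {"operationId": "addOrder", "security": [{"ApiKeyAuth": []}]}
        },
        "/0/private/CancelOrder": {
            "post": {"operationId": "cancelOrder", "security": [{"ApiKeyAuth": []}]}
        },
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
# Words that suggest an operation changes account state rather than reading it.
MUTATING_HINTS = ("add", "cancel", "edit", "withdraw", "transfer", "create", "delete")


def find_private_operations(spec):
    """List every operation that needs credentials.

    An operation is private if its path has a /private/ segment, if it declares
    its own non-empty `security` list, or if the document has a global
    `security` list that the operation does not override with `[]`.
    Returns tuples of (path, METHOD, operationId, mutating).
    """
    global_security = bool(spec.get("security"))
    found = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue
            if "security" in op:
                needs_auth = bool(op["security"])  # `security: []` opts out
            else:
                needs_auth = global_security
            needs_auth = needs_auth or "/private/" in path.lower()
            if not needs_auth:
                continue
            op_id = op.get("operationId", "")
            text = (path + " " + op_id).lower()
            mutating = any(hint in text for hint in MUTATING_HINTS)
            found.append((path, method.upper(), op_id, mutating))
    return found


RAW_HOST = "raw.githubusercontent.com"
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def check_schema_url(url, expected_owner, expected_repo):
    """Classify the URL a skill fetches its schema from at runtime.

    'pinned'  : expected repository at a full commit SHA (content cannot change)
    'mutable' : expected repository at a branch or tag (content can change)
    'reject'  : any other scheme, host, or repository
    """
    u = urlparse(url)
    if u.scheme != "https" or u.netloc != RAW_HOST:
        return "reject"
    parts = u.path.strip("/").split("/")  # /<owner>/<repo>/<ref>/<path...>
    if len(parts) < 4 or parts[0] != expected_owner or parts[1] != expected_repo:
        return "reject"
    return "pinned" if COMMIT_SHA.match(parts[2]) else "mutable"


def schema_digest(spec):
    """SHA-256 of the canonical JSON form: record it for the schema you reviewed
    and compare it against what the runtime actually fetches."""
    canon = json.dumps(spec, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


if __name__ == "__main__":
    for path, method, op_id, mutating in find_private_operations(SAMPLE_SPEC):
        kind = "MUTATING" if mutating else "read-only"
        print(f"{method:5} {path:26} {op_id:12} private, {kind}")
    # Hypothetical owner, repo and ref; the review page does not name the real ones.
    url = ("https://raw.githubusercontent.com/example-org/kraken-skill/main/"
           "references/kraken-public.openapi.json")
    print("schema URL:", check_schema_url(url, "example-org", "kraken-skill"))
    print("reviewed schema digest:", schema_digest(SAMPLE_SPEC))
```

Run it against the real references/kraken-spot-futures.openapi.json by loading that file into `spec` instead of `SAMPLE_SPEC`; any row marked MUTATING is an endpoint a public-only skill has no business shipping. A `mutable` URL result means the schema at that ref can change after you reviewed it, which is exactly the tampering risk the guidance describes, so ask the publisher for a commit-pinned URL or record the digest and re-check it before each run.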
Review Dimensions
- Purpose & Capability
  - note: SKILL.md and the public OpenAPI (references/kraken-public.openapi.json) are consistent with a read-only Kraken public-market skill. However, the repo also contains references/kraken-spot-futures.openapi.json, which documents private /0/private/* endpoints (balances, orders, etc.). Including that private-schema file conflicts with the stated public-only scope and is unnecessary for the described v1 behavior.
- Instruction Scope
  - ok: Runtime instructions stick to public reads via uxc and explicit link/inspect-before-run workflows. They do not instruct reading local secrets or accessing unrelated system paths. Guardrails emphasize read-only use and a private-auth boundary.
- Install Mechanism
  - ok: This is instruction-only (no install spec). The skill expects uxc to be installed and fetches a schema from raw.githubusercontent.com (a common host for raw repository files). No arbitrary third-party binary downloads or extract operations are included in the skill itself.
- Credentials
  - note: The skill declares no required env vars or credentials, which matches public-data-only usage. The presence of the separate 'spot-futures' OpenAPI file that defines private endpoints suggests a potential future need for credentials; this is not requested now but is an unexplained artifact.
- Persistence & Privilege
  - ok: always:false, and no unusual persistence or modification of other skills. Autonomous invocation is allowed (platform default) but is not combined with broad credential access in this package.
