Skill v1.0.0
ClawScan security
KuCoin OpenAPI Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 12:52 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with a read-only KuCoin public-market purpose; it doesn't request credentials and its instructions stay within that scope, though there are minor metadata omissions you should be aware of.
- Guidance
- This skill appears to do exactly what it says: provide read-only KuCoin public-market API access via a curated OpenAPI schema and the 'uxc' CLI. Before installing, verify you trust the 'uxc' binary (it must be on PATH per SKILL.md) and review the referenced schema (the skill includes a local copy and points to a raw.githubusercontent.com URL). Note the repository includes a validation script that expects 'jq' and 'rg' — those are developer/CI tools and are not required at runtime by the agent, but if you or your CI run that script you will need them installed. Finally, the skill is read-only and requests no credentials; if later versions add private endpoints, ensure they declare and justify any credential requirements.
Review Dimensions
- Purpose & Capability
- note: The skill's name, description, SKILL.md, and included OpenAPI schema all align around read-only KuCoin public market data. However, the registry metadata lists no required binaries while SKILL.md explicitly requires the 'uxc' CLI in PATH. Also the included validation script (scripts/validate.sh) expects 'jq' and 'rg' (ripgrep) which are not declared in the top-level requirements; this is a packaging/metadata omission rather than a capability mismatch.
- Instruction Scope
- ok: SKILL.md limits actions to public REST reads (symbols, tickers, orderbook, candles), instructs to keep outputs JSON/read-only, and explicitly warns not to use private/auth endpoints. It does not instruct reading unrelated files or environment variables nor sending data to unexpected endpoints. It does require network access to api.kucoin.com and to the raw GitHub-hosted schema URL.
- Install Mechanism
- ok: No install spec (instruction-only skill), so nothing is automatically downloaded or written to disk. The provided schema is a static file in the skill and the SKILL.md points to a raw GitHub URL for the schema; that is a common, reasonable source for an OpenAPI schema in this context.
- Credentials
- ok: The skill requests no environment variables, secrets, or credentials and its stated functionality (public market reads) does not require them. This is proportionate. The README explicitly warns against using private endpoints until a signer flow exists.
- Persistence & Privilege
- ok: The skill does not request always:true or other privileged persistence. It is user-invocable and allows autonomous invocation (platform default), but the skill's scope is read-only, so autonomy here does not present an unexplained privilege escalation.
