stablecoin-depeg-scanner
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent depeg-analysis helper that runs an included Python script and gives speculative buy/watch/avoid guidance, with no artifact evidence of credential use, persistence, or exfiltration.
Install only if you are comfortable with a skill that runs a local Python script, queries public crypto-data sources, and gives speculative trading recommendations. Use it as a research aid, not as automatic financial advice, and verify exploit and collateral facts independently before making any trade.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may run local code and perform market-data lookups before producing a recommendation.
The skill asks the agent/user to execute a local Python helper with user-supplied inputs. This is central to the stated market-analysis purpose, but it is still a tool-execution capability users should knowingly approve.
cd SKILL_DIR && python scripts/depeg_eval.py <COIN> --capital <USER_CAPITAL>
Review the included script before running it, use only the capital/risk-budget information needed for sizing, and verify results before acting.
A user could feel pushed to make a rushed speculative crypto purchase based on the agent’s output.
The wording encourages fast, high-stakes trading decisions. This matches the skill’s disclosed crisis-arbitrage purpose, but it can increase user over-trust in the agent’s recommendation.
Speed over perfection — 3 minutes, not 30 minutes. First-mover advantage is everything.
Treat the output as research support only, independently verify collateral/exploit facts, and make any trading decision yourself.
Users have less context for who maintains the helper script or where to verify updates.
The skill includes runnable code, but the registry metadata does not provide an external source or homepage for provenance. This is not suspicious by itself, but it reduces independent verifiability.
Source: unknown; Homepage: none
Inspect the included files before use and prefer installing from a source with clear ownership and version history when available.