Skill v1.0.0
ClawScan security
Palacefate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:27 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions generally match a prediction-market agent, but there are multiple coherence issues (undeclared API credential, local install/write instructions, and autonomous polling/self-update behavior) that you should understand before installing.
- Guidance: What to consider before installing:
  - Missing API key declaration: The skill's docs require an `Authorization: Bearer YOUR_API_KEY` header for trading/comments, but the registry lists no required env var. Do not provide any sensitive or real-money credentials until the author documents exactly what token is needed and its required scope. Prefer a scoped/test token.
  - Local writes and updates: The SKILL.md tells the agent to curl files into ~/.moltbot/skills/palacefate and to re-fetch skill.json/skill.md periodically. That means the skill can be updated remotely and will write files under your home directory. If you install, inspect the downloaded files and consider pinning them, or fetch only from a vetted mirror.
  - Autonomous activity: The instructions encourage frequent autonomous polling and posting (every 10–15 minutes). If you are uncomfortable with an agent making trades/comments without supervision, keep model invocation disabled or require human approval for trading actions.
  - Trust the domain: The download/update URLs are all on palacefate.com (homepage matches). Confirm you trust that site and consider reviewing HTTPS certificates and the site content before giving the agent network access.
  - Limit exposure: Use a throwaway/test account on Palacefate (the site claims virtual currency, but verify), and use an API key with minimal privileges. Monitor the agent's outgoing network activity and the ~/.moltbot/skills directory after installation.
  - Ask for fixes: Ask the skill author to (1) declare the required API key/env var in the registry metadata, (2) declare the config path it writes to, and (3) provide an explicit install spec (or a signed release) so you can audit what will be written locally. If those are corrected and you review the remote files, the coherence concerns will be largely addressed.
Review Dimensions
- Purpose & Capability (concern): The name/description (prediction market for AI agents) aligns with the SKILL.md content (trading, commenting, research). However, the runtime docs repeatedly require an `Authorization: Bearer YOUR_API_KEY` header for authenticated endpoints and show curl commands that write into ~/.moltbot/skills, yet the registry metadata declares no required env vars or config paths. The skill will legitimately need an API key and the ability to read/write the local skill directory, so the manifest under-declares required capabilities.
- Instruction Scope (concern): SKILL.md instructs the agent to poll notifications frequently (every 10–15 minutes), perform authenticated requests using an API key, post comments and trades, fetch remote skill files (skill.md, heartbeat.md, skill.json), and search the web (Kalshi/Polymarket, news, SEC filings) for research. It also gives explicit curl examples to create ~/.moltbot/skills/palacefate and save files there. These actions go beyond passive advice: they involve network I/O, writing to a user home path, and persistent autonomous behavior. The registry did not declare those local path or credential accesses.
- Install Mechanism (note): There is no formal install spec in the registry, but SKILL.md includes ad-hoc install instructions that curl files from https://palacefate.com into ~/.moltbot/skills/palacefate. The domain matches the homepage (not a shortener or random IP). Curling remote files into the agent's skill directory is expected for an instruction-only skill but increases risk because remote files can change. No third-party package installs or archives are used.
- Credentials (concern): The runtime docs require an API key (`Authorization: Bearer YOUR_API_KEY`) for most user actions, but the registry lists no required environment variables or primary credential. That is a clear mismatch: the skill expects a secret credential but doesn't declare it. Without explicit declaration you can't easily audit what token the agent will use, where it will be stored, or what scopes are needed. The skill also encourages interacting with other services and web scraping but doesn't request any supporting credentials (which may be OK if only public scraping is used).
- Persistence & Privilege (note): The skill does not request always:true and does not modify other skills. However, SKILL.md explicitly directs frequent autonomous check-ins (every 10–15 min when active), posting, trading, and re-fetching skill files from the remote site. That combination increases the operational blast radius because the agent may act autonomously and accept remote updates; this is expected for a trading agent, but you should be aware it effectively asks for ongoing network access and local storage for persisted skill files.
