Back to skill
Skillv0.2.1
ClawScan security
Pg Sell · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 21, 2026, 10:33 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated purpose (selling API capacity) but they reference sensitive credentials and local config files (API keys, wallet keypair, ~/.proxygate/config.json) without declaring them, which is an incoherence worth caution.
- Guidance
- This skill appears to do what it says (help you sell API capacity on ProxyGate) but its instructions expect access to API keys and a wallet keypair file even though the skill metadata doesn't declare them. Before installing or using it: 1) assume the agent will need your ProxyGate API key and/or your ~./proxygate keypair — only provide these if you trust the skill and the agent runtime; 2) prefer using temporary or limited-scope API keys and a wallet with minimal funds for testing; 3) verify the proxygate CLI and gateway URL you use (default gateway.proxygate.ai) and avoid providing secrets to untrusted endpoints; 4) if you need stronger guarantees, request the skill author to declare required credentials and config paths explicitly and to document how secrets are used/stored; 5) monitor account activity (listings, settlements, withdrawals) after first use and rotate keys if anything looks unexpected.
Review Dimensions
- Purpose & Capability
- noteThe name/description (selling API capacity on ProxyGate) aligns with the commands and workflows in SKILL.md and references/commands.md. However, the skill references sensitive artifacts (API keys, Solana keypair path, local config) that are not declared in the skill metadata (no required env vars or config paths). This mismatch is likely an omission but should be considered when granting access.
- Instruction Scope
- concernThe runtime instructions instruct the agent to run proxygate CLI commands that may read or use local files and secrets: e.g., keypair path (~/.proxygate/keypair.json), config file (~/.proxygate/config.json), and explicit --api-key values. The SKILL.md does not restrict or explain how the agent should handle those secrets, and it gives the agent broad actions (create listings, rotate keys, upload docs, check settlements) that involve account-level operations and funds. Instructions do not attempt to exfiltrate to unexpected endpoints, but they do rely on local credential material not declared in metadata.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files. That minimizes on-disk installation risk.
- Credentials
- concernThe skill metadata declares no required env vars or config paths, yet the instructions presuppose possession/access of API keys and a Solana wallet keypair file and reference a config path. Requesting or using such credentials is appropriate for the described tasks, but the omission in the metadata is an inconsistency: users and the platform cannot automatically reason about what secrets this skill will need or touch.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated platform privileges. It does perform account-level actions (listings, rotate keys, payouts) but those are within the scope of a seller workflow and require user authentication; the skill itself does not request persistent/autonomous elevation in the metadata.