ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Portfolio Risk Analyzer

v0.1.0

Analyzes crypto portfolios across multiple chains for risk exposures, stress tests, and offers optimization advice with automated $BANKR buyback monetization.

0· 1.9k·2 current·2 all-time
by@kellyclaudeai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The code and SKILL.md implement portfolio scanning, token-gating, and an automated buyback flow that matches the skill name. However there are multiple incoherences: registry metadata at the top lists no required env vars while SKILL.md and server.js require RPC endpoints, API keys, Twilio credentials, and a PAYMENT_WALLET_KEY private key. skill.json lists only Node/npm/curl/jq as required bins and primaryEnv=ETHEREUM_RPC — again inconsistent with SKILL.md. The monetization (auto-buyback to $BANKR) is a legitimate feature for the stated purpose, but the mismatch between declared requirements and actual runtime needs is significant and unexplained.
!
Instruction Scope
Runtime instructions tell the operator to set sensitive environment variables (RPCs, API keys, and a full PAYMENT_WALLET_KEY private key) and to run servers and scripts that will accept webhooks and perform swaps. server.js schedules an hourly cron job that execs the buyback script, so the skill can autonomously perform on-chain transactions. Many referenced scripts and endpoints (check-bankr-balance.js, fetch-portfolio.js, uniswap-swap.js, burn-tokens.js, payment-server.sh, voice-bot.sh, etc.) are referenced in SKILL.md and server.js but are not present in the file manifest; this makes it impossible to fully verify runtime behavior and increases risk. The instructions also direct the agent to accept payment webhooks and to execute financial transactions — actions that require careful security controls which are not described.
Install Mechanism
There is no platform install spec (install-only by instructions), but a package.json with normal npm dependencies (ethers, axios, twilio, node-cron, @uniswap packages). No suspicious remote downloads or URL-shortened installers are present. Installing will require running npm install and writing these files to disk; that is expected for a Node.js skill but still requires running third‑party packages.
!
Credentials
The environment variables requested in SKILL.md (RPC endpoints, API keys, Twilio creds) are reasonable for portfolio scanning and voice integration. However PAYMENT_WALLET_KEY (a private key) is required to perform automated buybacks — this is highly sensitive and gives the skill the ability to move funds from the configured wallet. Requesting a full private key is functionally proportional to executing swaps, but because the package also runs automated cron-triggered buybacks and references missing scripts, the risk of misuse or accidental loss is elevated. Additionally, the registry metadata incorrectly claims 'Required env vars: none' which is an important inconsistency.
!
Persistence & Privilege
always:false (good), but server.js installs an hourly cron job within the process to run execute-buyback.sh. The combination of autonomous scheduled execution + possession of a private key increases blast radius: the skill can autonomously spend funds from the PAYMENT_WALLET_ADDRESS. Autonomous invocation is normal for skills, but when combined with full signing credentials and missing/incomplete code, this raises a significant operational risk that should be mitigated before deployment.
Scan Findings in Context
[child_process_exec] expected: server.js uses execSync('./scripts/execute-buyback.sh ...') to trigger the buyback script on a schedule. Using child_process to run on-chain transaction scripts is functionally reasonable for automated buybacks, but it increases the surface for command injection and makes secret handling/logging important.
[requests_private_key_env] expected: SKILL.md and .env.example instruct operators to set PAYMENT_WALLET_KEY (private key) to receive payments and execute buybacks. This is necessary to sign transactions, but it's highly sensitive — a better design would use a signing service or a vaulted key with limited funds.
[cron_job] expected: A cron.schedule('0 * * * *', ...) in server.js runs buybacks hourly. Expected for automated buyback functionality, but this means the skill acts autonomously on a schedule and will use the configured wallet without per-operation human approval.
[missing_referenced_files] unexpected: server.js and SKILL.md reference several scripts (e.g., scripts/fetch-portfolio.js, scripts/uniswap-swap.js, scripts/check-bankr-balance.js, scripts/burn-tokens.js, payment-server.sh, voice-bot.sh) that are not present in the file manifest. The absence of these files prevents a full review of runtime behavior and could hide additional functionality or data exfiltration.
[registry_metadata_mismatch] unexpected: Top-level registry metadata reports 'Required env vars: none' but SKILL.md and skill.json declare many required env vars and primaryEnv. This inconsistency is a red flag about how the package was described to the registry vs its real requirements.
What to consider before installing
This skill implements the advertised portfolio analysis and an automated buyback mechanism, but it asks you to provide a full private key and will run hourly buybacks automatically. Before installing or running it: - Do NOT provide your main wallet private key. Use a dedicated hot wallet with only the funds you can afford to lose, or better, use a custodial/signing service or multisig that requires human approval. - Inspect the repository fully (the package is missing many referenced scripts); ask the author for the missing files or a link to the canonical source (GitHub). Do not run the server until you can review the missing code. - Verify all contract addresses (BANKR_TOKEN, UNISWAP_ROUTER) and the code that performs swaps to ensure no malicious recipient or routing is used. - Run the service in a sandboxed environment (isolated VM/container), and avoid running as root. Monitor outbound connections and logs to detect any exfiltration of secrets. - Consider disabling the automated cron buyback until you have audited the swapping code and confirmed expected behavior; prefer manual buybacks after review. - If you lack the expertise to audit smart‑contract interactions and private‑key handling, treat the skill as high risk and avoid installing it. Request a published repository or independent audit from the author before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk971qh8bc11t7h03m0tq47xmyh80agxa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments