Skill v0.6.24

ClawScan security

MoonPay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 24, 2026, 2:49 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (a MoonPay CLI wrapper installed from npm) and its requirements mostly match its description, but there are a few noteworthy operational and exposure risks you should understand before enabling it.
Guidance
This skill appears to be a legitimate CLI integration for MoonPay, but take these precautions before installing or enabling it:
1) Verify that the npm package owner/publisher of @moonpay/cli is authentic (check the package page, signatures, and publisher identity) before allowing a global npm install.
2) Be aware that the CLI stores credentials locally (~/.config/moonpay/credentials.json and the OS keychain) and can perform on-chain transfers and fiat buys; treat this like giving software access to a wallet.
3) Avoid running the MCP server (mp mcp) unless you trust every MCP client that can connect; it exposes CLI functionality to external clients and could allow other tools to trigger financial actions.
4) If you enable the skill for autonomous agent use, restrict agent permissions and monitor transactions closely (or require explicit human confirmation for buys/transfers).
5) If you only need read-only market data, prefer limiting the agent to token search/balance calls, or use a read-only API key (if available).
If you want, provide the actual npm package metadata (publisher, tarball checksum, or source repository) and I can re-check provenance and raise or lower confidence accordingly.

Review Dimensions

Purpose & Capability
ok
Name/description (MoonPay CLI for wallets, swaps, deposits, fiat on/off ramps) aligns with the declared install (npm package @moonpay/cli) and the required binary (mp). No unrelated environment variables or unrelated binaries are requested.
Instruction Scope
note
SKILL.md instructs typical CLI operations (login, wallet create, token swap) which are consistent with the purpose, but it also documents 'mp mcp' to start a local MCP server that 'exposes all CLI + remote tools to any MCP-compatible client'. That can expose wallet operations to other MCP clients and increases the attack surface. The doc also references the credentials storage path (~/.config/moonpay/credentials.json) even though 'required config paths' lists none; this is expected for a CLI but is worth calling out.
Install Mechanism
note
Install is via an npm package (@moonpay/cli), which is a reasonable and expected mechanism for providing an 'mp' binary. npm installs are moderate-risk (packages can contain arbitrary code, including install-time scripts); this is proportionate to a full-featured CLI, but you should verify package provenance (publisher, signature, tarball integrity) before installing globally.
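The provenance check recommended above, as an added example that is not part of the ClawHub page or of MoonPay's tooling: it recomputes the Subresource Integrity digest npm records in dist.integrity, compares it against a tarball, and pulls out the facts a reviewer looks at (maintainers, repository, install-time scripts, whether an attestation is attached). In practice the registry document comes from `npm view @moonpay/cli --json` and the tarball from `npm pack @moonpay/cli`; here both are constructed inline so the script runs offline, and every value in the sample document (maintainer, repository URL, scripts) is made up.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for a tarball; a real one comes from `npm pack @moonpay/cli`.
SAMPLE_TARBALL = b"constructed tarball bytes for the example\n"
TAMPERED_TARBALL = SAMPLE_TARBALL + b"injected postinstall payload\n"


def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Return an SRI string ('sha512-<base64>'), the format npm stores in dist.integrity."""
    if algo not in ("sha512", "sha256", "sha1"):
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")


def integrity_matches(data: bytes, integrity: str) -> bool:
    """True if `data` satisfies the strongest space-separated SRI entry in `integrity`.

    npm may list several hashes; a sha512 entry takes precedence over sha256/sha1 so a
    weak-hash collision cannot be used to pass the check when a strong hash is present.
    """
    entries = [e for e in integrity.split() if "-" in e]
    if not entries:
        return False
    rank = {"sha1": 1, "sha256": 2, "sha512": 3}
    strongest = max(entries, key=lambda e: rank.get(e.split("-", 1)[0], 0))
    algo = strongest.split("-", 1)[0]
    try:
        expected = sri_digest(data, algo)
    except ValueError:
        return False  # unknown algorithm: treat as unverifiable
    return hmac.compare_digest(expected, strongest)


# Constructed stand-in for the document `npm view @moonpay/cli --json` returns.
# Field names follow the npm registry format; every value is invented for the example.
SAMPLE_REGISTRY_DOC = json.dumps({
    "name": "@moonpay/cli",
    "version": "0.0.0-example",
    "maintainers": [{"name": "example-publisher", "email": "publisher@example.invalid"}],
    "repository": {"type": "git", "url": "git+https://example.invalid/moonpay/cli.git"},
    "scripts": {"postinstall": "node scripts/setup.js"},  # install-time code to read before installing
    "dist": {
        "tarball": "https://registry.npmjs.org/@moonpay/cli/-/cli-0.0.0-example.tgz",
        "integrity": sri_digest(SAMPLE_TARBALL),
    },
})


def provenance_report(registry_doc_json: str, tarball: bytes) -> dict:
    """Summarise what a reviewer checks before allowing a global install."""
    doc = json.loads(registry_doc_json)
    dist = doc.get("dist", {})
    install_hooks = ("preinstall", "install", "postinstall")
    return {
        "package": f'{doc.get("name")}@{doc.get("version")}',
        "maintainers": [m.get("name") for m in doc.get("maintainers", [])],
        "repository": (doc.get("repository") or {}).get("url"),
        "integrity_ok": integrity_matches(tarball, dist.get("integrity", "")),
        # dist.attestations is populated when the publisher used `npm publish --provenance`;
        # this only records presence, the attestation itself is verified by `npm audit signatures`.
        "has_attestation": "attestations" in dist,
        "install_scripts": sorted(k for k in doc.get("scripts", {}) if k in install_hooks),
    }


if __name__ == "__main__":
    print(json.dumps(provenance_report(SAMPLE_REGISTRY_DOC, SAMPLE_TARBALL), indent=2))
    print("tampered tarball passes:", integrity_matches(TAMPERED_TARBALL, sri_digest(SAMPLE_TARBALL)))
```

The integrity match only proves the tarball is the one the registry advertises, not that the publisher is who they claim; pair it with a look at the maintainers list and repository on the package page and with `npm audit signatures`, which checks the registry's signatures and provenance attestations for installed packages. A non-empty install_scripts list is the part to read line by line, since those run with your privileges during `npm install -g`.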
Credentials
note
The skill does not request environment variables or external credentials in the registry metadata, which is consistent with an interactive CLI that uses local login flows. The runtime doc references Bearer tokens and OAuth/PKCE and says credentials are stored at ~/.config/moonpay/credentials.json (OS keychain encryption claimed). Not requesting env vars is reasonable, but the skill will hold persistent credentials and private keys locally; that persistence and the storage location are important to review.
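One concrete thing to review after the first login is how exposed the credentials file is on disk. The following is an added example, not code from the ClawHub page or from MoonPay: it audits a credentials file's mode, ownership, symlink status and parent-directory permissions, and its demo runs the check against two constructed files in a temporary directory (sample JSON, not real credentials). The path constant is the one the skill documentation names; the file format and what the keychain encrypts are not assumed.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

# Path named by the skill's documentation; ~ expands to the current user's home.
CREDENTIALS_PATH = Path("~/.config/moonpay/credentials.json").expanduser()


def credential_file_findings(path: Path) -> List[str]:
    """Return exposure findings for a credentials file (empty list means nothing found)."""
    findings: List[str] = []
    st = path.lstat()  # do not follow symlinks yet: a symlink is itself a finding
    if stat.S_ISLNK(st.st_mode):
        findings.append("path is a symlink; credentials may be written elsewhere")
        st = path.stat()
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:04o} grants group/other access; expected 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append(f"file is owned by uid {st.st_uid}, not the current user")
    parent_mode = stat.S_IMODE(path.parent.stat().st_mode)
    if parent_mode & 0o022:
        # a group/other-writable directory lets another local user replace the file
        findings.append(f"parent directory mode {parent_mode:04o} is group/other-writable")
    return findings


def demo() -> Dict[str, List[str]]:
    """Build a constructed config directory with one locked-down and one loose file."""
    root = Path(tempfile.mkdtemp())
    cfg = root / ".config" / "moonpay"
    cfg.mkdir(parents=True)
    cfg.chmod(0o700)
    locked = cfg / "credentials.json"
    locked.write_text('{"example": "constructed, not a real credential"}')
    locked.chmod(0o600)
    loose = cfg / "credentials.world-readable.json"
    loose.write_text('{"example": "constructed, not a real credential"}')
    loose.chmod(0o644)
    return {"locked_down": credential_file_findings(locked), "loose": credential_file_findings(loose)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["ok"])
    if CREDENTIALS_PATH.exists():
        print("real file:", credential_file_findings(CREDENTIALS_PATH) or ["ok"])
```

Run it once after `mp login` and again after any upgrade of the CLI; a tool that rewrites its config on update can silently widen the mode. On a shared or multi-user host the parent-directory check matters as much as the file mode.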
Persistence & Privilege
ok
always:false and model invocation not disabled (normal). The skill does not request force-inclusion privileges. Note: allowing autonomous agent invocation with a payments/trading CLI means the agent could initiate financial actions (swaps, transfers, buys) if given permission; consider limiting autonomy for financial operations.
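The limit on autonomy suggested here, and the concern under Instruction Scope about 'mp mcp' exposing wallet operations, can both be enforced with a default-deny gate in front of the mp binary. The block below is an added example, not part of the ClawHub page or of MoonPay's CLI: it classifies an mp command line as read-only (allowed), financial (requires an operator's explicit confirmation), or blocked (the MCP server), and denies anything it does not recognise. The subcommand spellings (token search, wallet balance, token swap, wallet create, wallet transfer, buy, sell) are assumptions based on the operations the scan report mentions; check `mp --help` and adjust the tables before relying on it.

```python
import shlex
from typing import Callable, List, NamedTuple, Tuple

# Subcommand names are ASSUMED from the skill description; verify against `mp --help`.
READ_ONLY = {("token", "search"), ("wallet", "balance")}
FINANCIAL = {("token", "swap"), ("wallet", "create"), ("wallet", "transfer"), ("buy",), ("sell",)}
BLOCKED = {("mcp",)}  # never let an agent expose the CLI to other MCP clients


class Decision(NamedTuple):
    action: str  # "allow", "confirm" or "deny"
    reason: str


def classify(argv: List[str]) -> Decision:
    """Decide what to do with an argv, default-deny for anything unrecognised."""
    if not argv or argv[0] != "mp":
        return Decision("deny", "only the mp binary is gated here")
    # Positional words only; option values (e.g. `--network base`) are treated as
    # positionals too, which makes unusual orderings fall through to the deny branch.
    words = [a for a in argv[1:] if not a.startswith("-")]
    for n in (2, 1):
        key = tuple(words[:n])
        if key in BLOCKED:
            return Decision("deny", f"{' '.join(key)} is blocked for agents")
        if key in READ_ONLY:
            return Decision("allow", f"{' '.join(key)} is read-only")
        if key in FINANCIAL:
            return Decision("confirm", f"{' '.join(key)} moves funds or changes wallet state")
    return Decision("deny", "unrecognised subcommand; default-deny")


def gate(command_line: str, confirm: Callable[[str], bool]) -> Tuple[bool, str]:
    """Return (may_run, reason). `confirm` is the human-in-the-loop prompt for financial verbs."""
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:  # unbalanced quotes etc.
        return False, f"could not parse command line: {exc}"
    decision = classify(argv)
    if decision.action == "allow":
        return True, decision.reason
    if decision.action == "confirm":
        approved = confirm(command_line)
        return approved, "operator approved" if approved else "operator declined"
    return False, decision.reason


if __name__ == "__main__":
    # Constructed sample commands; the confirm callback here just declines everything.
    for cmd in ("mp token search eth",
                "mp token swap --from eth --to usdc --amount 1",
                "mp mcp",
                "mp wallet create",
                "npm install -g something"):
        print(f"{cmd!r:55} -> {gate(cmd, lambda _c: False)}")
```

Wire `confirm` to whatever your agent runtime uses for human approval and log every decision with the full command line; the deny branch is what protects you when a new CLI version adds a verb the table has never seen.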