Skill v1.0.1

ClawScan security

impossible finance skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 2:17 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (creating and using a local wallet/private key and interacting with BSC) is coherent with its stated purpose, but there are packaging inconsistencies and sensitive operations (private key storage and optional cross-skill credential reads) that warrant caution before installing.
Guidance
This skill legitimately needs a local wallet and BSC RPC access to sign and submit trades, but that requires handling your private key — which is very sensitive. Before installing: (1) confirm the skill's origin and trust the publisher (the registry metadata does not align with the embedded SKILL.md); (2) only use a dedicated, small-balance wallet for this skill and encrypt the wallet file at rest with strict file permissions; (3) review the full SKILL.md (including the Security section) to see how key encryption and confirmations are implemented; (4) be cautious about allowing any skill to read other skills' credential files (the clawchain path here is optional but could increase risk); and (5) if you need assurance, ask the publisher for a signed release, a code sample showing exactly how keys are handled, or run the wallet-creation scripts offline and inspect their output before giving the agent access.

Review Dimensions

Purpose & Capability
note
The skill's declared functionality (wallet creation, token discovery, swaps, balance checks) matches the environment variables, files, and dependencies described inside SKILL.md. However, the registry-level metadata provided with the skill claims no required env vars/credentials, while the embedded SKILL.md defines multiple required env vars, credential file paths, and dependencies, an internal inconsistency in packaging.
Instruction Scope
ok
SKILL.md instructions stay within the stated scope: they read/write a wallet file under ~/.config/impossible_agent, optionally read an existing clawchain credentials file, call a BSC RPC endpoint, and use the Impossible Finance router/factory contracts. The instructions do not (in the visible portion) request arbitrary system-wide file access or exfiltrate data to unexpected endpoints.
Install Mechanism
ok
This is an instruction-only skill with no install spec or bundled code. Dependencies are normal for the task (Node.js and the ethers npm package). There are no remote downloads from untrusted URLs or archive extraction steps in the manifest.
Credentials
concern
The skill requires creating and reading a local wallet file containing private key material and may read an optional ClawChain credentials file from another skill's config path. That is functionally necessary for on-chain signing, but it is high-risk: storing private keys on disk and allowing a skill to read another skill's credentials increases attack surface and must be justified and protected (encryption, strict permissions). Also, the registry metadata failing to list these env/credential requirements reduces transparency.
Persistence & Privilege
ok
The skill does not request permanent 'always:true' inclusion and doesn't declare modifications to other skills or system-wide agent settings. It persists a wallet file in a dedicated config path, which is expected for this functionality.