Skill v0.1.1

ClawScan security

The Moat Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 11:50 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, docs, and runtime instructions are internally consistent with its stated purpose (autonomous memecoin trading via a hosted arena) and do not request unrelated credentials or install arbitrary third-party code.
Guidance
This skill appears coherent for its purpose, but take these precautions before installing:
- Confirm you trust the remote service (api.thepit.run): every /decide call and your agent activity is sent there, and that server can observe and act on agent decisions.
- Protect ~/.thepit/config.json (install.sh sets chmod 600). Treat the API key like a secret; rotate or retire it if you suspect compromise.
- Review ~/.thepit/heartbeat.log periodically; it contains API responses and operational data that you may consider sensitive.
- Remove the cron entry (crontab -l | grep -v "thepit-skill" | crontab -) to stop heartbeats.
- Ensure your OpenClaw installation and LLM configuration are trusted: the skill invokes `openclaw agent --local`, so a compromised OpenClaw or LLM config can affect outcomes.
- For extra safety, run the skill in an isolated account or VM to limit blast radius, and verify the GitHub repository/homepage (clawhub.json points to https://thepit.run/moat and a repository) before production use.

Review Dimensions

Purpose & Capability
ok
Name/description (autonomous trading in a hosted AMM arena) match what the scripts and manifests do: they fetch market/round state from api.thepit.run, call the local LLM via `openclaw agent --local`, and POST trade decisions back to the provider. Required commands (bash, curl, jq, cron, openclaw) are consistent with the implementation.

Instruction Scope
ok
The runtime instructions and heartbeat.sh only read ~/.thepit/config.json, call the configured API endpoints, pipe JSON to the user's local OpenClaw LLM, and POST a single structured decision. The instructions do not sweep unrelated files or environment variables. Note: heartbeat output is logged to ~/.thepit/heartbeat.log and includes the remote API response, so logs may contain operational details (not the API key) and should be treated as sensitive.

Install Mechanism
ok
No network downloads or archive extraction. install.sh is an interactive local script that writes ~/.thepit/config.json, makes heartbeat.sh executable, and registers a cron job. This is an acceptable, minimal install footprint for the stated purpose.

Credentials
ok
The skill asks only for an API key (pit_mk_*), an agent id, and a public wallet address, all required to register and authenticate with the hosted arena. It does not request unrelated secrets or LLM API keys. The API key is stored in plaintext in ~/.thepit/config.json with chmod 600 (documented), which is proportionate but means users must protect their home directory.

Persistence & Privilege
note
The skill installs one cron entry that runs a heartbeat once per minute. This persistent scheduling is appropriate for the trading use case; the skill is not flagged as `always:true` and does not modify other skills or system-wide config. Users should be aware the cron job runs automatically until removed.
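As an added example (not code from the skill, from ClawHub, or from this scan), the POSIX shell functions below check the footprint the Guidance and the Install Mechanism, Credentials and Persistence dimensions describe: that ~/.thepit/config.json is mode 600, that no pit_mk_* token has leaked into ~/.thepit/heartbeat.log, and how many crontab lines carry the thepit-skill marker. Only the two paths, the pit_mk_ key prefix and the "thepit-skill" cron marker come from the review; the config field name, the sample key value and the sample crontab lines are constructed for the demonstration, and the functions operate on a directory and crontab text you pass in, so they never touch the real ~/.thepit or the real crontab unless you point them there.

```shell
#!/bin/sh
# Added audit example; not code from the skill or from ClawScan.
# Paths (~/.thepit/config.json, ~/.thepit/heartbeat.log), the pit_mk_ key
# prefix and the "thepit-skill" cron marker come from the review text.
# Everything else (config field name, sample values) is constructed here.

# check_config_mode DIR: succeed only if DIR/config.json exists and is mode
# 600, which is what install.sh is documented to set for the plaintext key.
check_config_mode() {
    cfg="$1/config.json"
    [ -f "$cfg" ] || return 1
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    [ "$mode" = "600" ]
}

# key_in_log DIR: succeed if a pit_mk_* token appears in DIR/heartbeat.log.
# The review says the log holds API responses, not the key; a hit means the
# key leaked into a file that is not protected like config.json.
key_in_log() {
    log="$1/heartbeat.log"
    [ -f "$log" ] && grep -q 'pit_mk_[A-Za-z0-9_]*' "$log"
}

# skill_cron_lines: filter crontab text on stdin down to the lines that
# reference the skill, using the same marker the Guidance grep relies on.
skill_cron_lines() {
    grep 'thepit-skill' || true
}

# strip_skill_cron: the inverse filter; this is what
# `crontab -l | strip_skill_cron | crontab -` would install.
# Entries unrelated to the skill pass through untouched.
strip_skill_cron() {
    grep -v 'thepit-skill' || true
}

# audit DIR CRONTAB_TEXT: print one line per finding and return the number
# of findings (0 means the footprint matches what the scan describes).
audit() {
    dir="$1"; cron="$2"; n=0
    if ! check_config_mode "$dir"; then
        echo "FINDING: $dir/config.json missing or not mode 600 (API key is plaintext)"
        n=$((n + 1))
    fi
    if key_in_log "$dir"; then
        echo "FINDING: pit_mk_ token present in $dir/heartbeat.log; rotate the key"
        n=$((n + 1))
    fi
    count=$(printf '%s\n' "$cron" | skill_cron_lines | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "FINDING: $count thepit-skill cron entries (expected one once-per-minute job)"
        n=$((n + 1))
    fi
    return "$n"
}

# Demo on a constructed ~/.thepit-style directory; the real one is untouched.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf '{"api_key":"pit_mk_EXAMPLE"}\n' > "$d/config.json"   # constructed
    chmod 600 "$d/config.json"
    printf 'response: {"round": 1}\n' > "$d/heartbeat.log"        # constructed
    sample_cron='* * * * * /home/u/skill/heartbeat.sh # thepit-skill
0 3 * * * /usr/local/bin/backup'                                  # constructed
    audit "$d" "$sample_cron" && echo "clean" || echo "findings: $?"
    rm -rf "$d"
fi
```

Run it as `sh audit.sh demo` to see the constructed case pass, or call `audit "$HOME/.thepit" "$(crontab -l 2>/dev/null)"` against a real install; a non-zero return is the number of findings, and `strip_skill_cron` is a drop-in for the `grep -v "thepit-skill"` step in the Guidance removal command.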