Skill v0.1.1

ClawScan security

Crypto Research Interactive Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 3, 2026, 11:43 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This skill is a documentation-only prompt framework for crypto research (pure Markdown) and its requested capabilities (reading framework files, writing workspace outputs, and using web search/MCP data when configured) align with its stated purpose.
Guidance
This repo is a prompt-engineering framework (only Markdown) and is internally consistent, but take these precautions before enabling it:
1) Limit the AI agent's filesystem permissions to the CRIF repo and a dedicated workspaces/ directory — don't grant it broad system access.
2) Keep any MCP API keys or other secrets out of the repo (store them locally in .mcp.json and add that file to .gitignore).
3) Be aware the skill expects network access for web search/data; if you restrict network you may lose live-data features.
4) Review the README/SKILL.md and a few representative workflow files yourself to ensure the check-in frequency and autonomy model match how you want the agent to behave.
5) Monitor outputs and source citations for accuracy (the framework relies on web sources and user verification).
If you need more assurance, request a short summary of the specific file read/write and network operations the hosting agent will perform while running CRIF.

Review Dimensions

Purpose & Capability
ok
Name/description (crypto research framework) match the actual contents: a large set of Markdown instructions, persona definitions, workflows and templates. The declared requirements (none) and the implied needs (read framework files, write to workspaces, optional network access for research) are coherent for a research assistant.
Instruction Scope
ok
SKILL.md and referenced docs instruct the AI to read the repository's Markdown files and to write outputs under workspaces/. It explicitly scopes file reads to framework references and writes to workspaces; it asks for websearch/webfetch or optional MCP servers for live data. There are no instructions to read unrelated system files or harvest credentials.
Install Mechanism
ok
No install spec and no code/binaries are included (instruction-only). No archives, downloads, or external installers are referenced by the skill itself.
Credentials
ok
The skill declares no required environment variables or credentials. Optional MCP API keys are described as user-provided and stored in a local config (.mcp.json) outside the framework. Requested access (file read/write limited to repo and workspaces, and network access for public data) is proportionate to crypto research.
Persistence & Privilege
ok
The skill is not forced-always (always:false). It allows normal autonomous invocation (disable-model-invocation:false), which is the platform default and not by itself suspicious. Its persistence model is just writing session state and outputs under workspaces/, which matches its purpose.