Skill v0.1.0
ClawScan security
Lista · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 10:17 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions are consistent with a read-only lending assistant that fetches data from Lista services and stores simple local preferences; nothing requested or installed appears disproportionate to its stated purpose.
- Guidance
- What to consider before installing:
  - This is a read-only lending/reporting skill that fetches data from Lista services (primary endpoints: api.lista.org and optional MCP at mcp.lista.org). Confirm you trust those external endpoints before enabling the skill.
  - The skill includes a Node.js helper (scripts/moolah.js) used as a fallback. If your agent environment lacks node, the skill will fall back to MCP or curl where possible. If you do have node, the agent may run the bundled script (it uses only the Node stdlib and HTTPS).
  - The skill will read and write small files under ~/.lista (language choice and thresholds). If you prefer no local writes, be aware that the skill will silently use existing ~/.lista/language.txt and ~/.lista/thresholds.json when present.
  - The skill does not request API keys or tokens; references to Telegram/Discord push are described in SKILL.md, but no credentials or webhook setup is included in the files provided, so push delivery likely requires additional configuration outside the skill.
  - Minor metadata mismatch: the manifest did not declare required binaries or config paths even though the instructions use node and ~/.lista. This is not malicious but worth noting when assessing runtime expectations.
  - If you need higher assurance, verify the API host (api.lista.org) and inspect the full moolah.js script in your environment before running it. If you want to avoid any on-disk writes, block or audit writes to ~/.lista or run the skill in a constrained environment.
Review Dimensions
- Purpose & Capability
- note: The skill claims read-only lending reports for BSC/Ethereum and uses MCP tools, a bundled Node.js helper (moolah.js), and a public REST API (api.lista.org). This footprint is coherent with the described functionality. Minor mismatch: registry metadata declares no required binaries or config paths, yet SKILL.md expects a Node.js fallback (node moolah.js) and reads/writes ~/.lista files. These are plausible design choices but should be noted.
- Instruction Scope
- note: SKILL.md instructs the agent to call MCP tools, run the included Node script, or curl the api.lista.org REST endpoints. It also directs reading/writing small config files in ~/.lista (language.txt, thresholds.json). All of these actions are within the stated read-only/reporting scope, but the local filesystem writes (language and threshold persistence) are side effects the user should expect. The skill correctly disallows actionable lending execution flows.
- Install Mechanism
- ok: No install spec or third-party downloads are present. The included scripts/moolah.js uses Node's stdlib and makes HTTPS requests to api.lista.org; there are no URLs that would fetch arbitrary archives or executables. This is low-risk relative to many install-time patterns.
- Credentials
- note: The skill does not request environment variables, tokens, or access to unrelated credentials. It does read/write user-local config files (~/.lista), which is reasonable for storing language and threshold preferences but was not declared in the required config paths metadata. There are no requests for AWS/Discord/Telegram tokens, so push-notification references appear to be behavioral descriptions rather than implemented credentialed webhooks.
- Persistence & Privilege
- ok: always:false and normal autonomous invocation settings. The skill only persists its own small config files in the user's home directory (~/.lista). It does not request or attempt to modify other skills' configs or system-wide agent settings in the provided files. The SKILL.md shows example MCP configuration snippets but does not itself perform or require automatic modification of the agent's MCP configuration.
