Skill v0.1.0
ClawScan security
Solana Alerts · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 9:45 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are coherent with a Solana price-alert utility — no unexpected credentials, downloads, or hidden endpoints were found — but it depends on platform-provided shared modules and uses an undeclared system env var (OPENCLAW_SYSTEM) you should review before enabling.
- Guidance: This skill appears to implement what it claims (create/list/delete price alerts) and does not request keys or perform downloads. Before installing:
  1. Confirm you trust the platform's shared modules (shared/services, shared/scheduler, etc.) because the scripts delegate all data storage, notification sending, and network I/O to those external modules. Review those modules if possible.
  2. Ensure your environment provides SOLANA_NETWORK as expected.
  3. Note check-prices.js requires a system-authorized call (OPENCLAW_SYSTEM='true' or --system) but SKILL.md's example omits that — clarify how the platform will invoke scheduled checks.
  4. If you plan to use Telegram notifications, verify where Telegram credentials are stored and that they are not required by this skill (they are not declared here).
  If you cannot review the shared modules or the platform invocation model, treat the skill as operationally opaque and exercise caution.
Review Dimensions
- Purpose & Capability (ok): Name/description match the included scripts: create/list/delete alerts and a price checker. Declared requirements (node and SOLANA_NETWORK) make sense for a Solana alerting tool. Minor note: script comments/usage mention Telegram user IDs (telegram_user_id), which implies integration with a Telegram-based user identity, but that is consistent with a notification service rather than being unexpected.
- Instruction Scope (note): SKILL.md directs the agent to run the provided node scripts, and the scripts only interact with local shared modules (services, scheduler, errors, formatter). They do not embed hard-coded external endpoints, nor do they read arbitrary user files. One inconsistency: check-prices.js enforces system-authorized execution by requiring OPENCLAW_SYSTEM='true' or the --system flag, but the SKILL.md example for running manual checks does not mention passing --system or setting OPENCLAW_SYSTEM. This is an operational mismatch rather than evidence of exfiltration.
- Install Mechanism (ok): No install spec is provided (instruction-only install). There are code files included, but nothing is downloaded or extracted at install time. No external package URLs or installers are present.
- Credentials (concern): The declared required env var (SOLANA_NETWORK) is reasonable for a Solana-focused skill. However, the scripts reference OPENCLAW_SYSTEM (used as a gate for check-prices.js), which is not declared in requires.env or documented in SKILL.md. The skill does not request API keys, tokens, or other secrets — which is proportionate — but the undeclared reliance on OPENCLAW_SYSTEM and on external shared modules (services/scheduler) means you must trust the platform-provided code those modules expose.
- Persistence & Privilege (ok): The skill is not always-enabled and is user-invocable; it does not request any elevated platform privileges in the package itself and does not modify other skills or system-wide configuration. Autonomous invocation (disable-model-invocation=false) is the platform default and not in itself concerning here.
