Skill v1.0.1

ClawScan security

vibetrading-global-signals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 12, 2026, 4:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (fetch trading signals from vibetrading.dev), but there are incoherent/incomplete pieces (required binaries vs actual runtime, open API claim, and the lack of an install spec) that warrant caution before installing or using it.
Guidance
Key things to check before installing or running this skill:
- Verify the endpoint ownership and trustworthiness of https://vibetrading.dev (the changelog notes a domain move from datahub-prd.fmcp.xyz). Ensure you are comfortable sending queries to that domain.
- Be aware npm install will pull packages from the public npm registry (axios, https-proxy-agent and many transitive deps). Consider running npm audit, reviewing package-lock.json, and installing in an isolated environment (container or VM) if you’re concerned about supply-chain risk.
- The SKILL.md/metadata mismatch: the skill lists curl and jq as required, but the runtime is Node.js. Make sure Node >=18 is available before running the scripts.
- The skill claims the API is open (no token). That is plausible but unusual for a signals/data API; confirm the API really requires no auth and has acceptable rate limits and privacy practices.
- If you will schedule cron/automated runs, limit frequency to avoid accidental rate limits or unexpected data exfil (keep it local, don’t forward raw responses to third parties).

If you want a higher-confidence assessment, provide: (1) confirmation of who operates vibetrading.dev or an official homepage; (2) the exact environment where you plan to run the skill (so I can advise about isolation); or (3) a copy of the API responses (sample JSON) so I can verify the scripts’ assumptions and check for unexpected data fields or callbacks.

Review Dimensions

Purpose & Capability
concern: The skill description and scripts all target the vibetrading.dev API and only need network access to query JSON signals. However, the SKILL.md metadata declares required binaries: curl and jq, while the provided scripts are Node.js programs (package.json requires node >=18 and scripts use axios). Node (and npm) are not listed as required; curl/jq are only used in documentation examples. This mismatch is disproportionate and likely a packaging/documentation error.
Instruction Scope
note: SKILL.md instructs the agent/user to run the included node scripts and shares curl examples that query https://vibetrading.dev/api/v1. The runtime instructions do not ask the agent to read local secrets, other config paths, or to send data to unexpected endpoints. They do suggest scheduling cron jobs and running npm install (README), which are normal but increase persistence of network queries if the user enables them. The SKILL.md's claim that 'No authentication required' is unconventional for trading/data APIs and should be independently verified.
Install Mechanism
note: This is instruction-only (no platform install spec), but packaged files include package.json and package-lock.json with dependencies (axios, https-proxy-agent, and transitive packages) pulled from the public npm registry. That is normal and traceable, but running npm install will fetch those packages (supply-chain risk). There are no downloads from arbitrary URLs or extract steps in the skill metadata. Because there is no formal install spec, the installation step relies on the user/agent running npm install manually.
Credentials
ok: The skill declares no required environment variables or credentials and the scripts do not access any local environment secrets. That is proportionate to the stated purpose (public API queries). One caveat: the SKILL.md states the API is 'open' (no token required) after a domain change; you should verify that claim and confirm you trust vibetrading.dev before allowing periodic automated requests.
Persistence & Privilege
ok: 'always' is false and the skill does not request any elevated or persistent platform privileges. It suggests cron scheduling as an optional user action, which is normal for monitoring scripts. The skill does not modify other skills or agent configuration.