Skill v1.0.0

ClawScan security

Grvt Markets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 22, 2026, 4:35 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation describes a third‑party CLI for trading (which matches the name), but the manifest omits required binaries/credentials and the CLI stores keys on disk and must be installed from an unvetted npm package — these mismatches and sensitive-key handling warrant caution before use.
Guidance
This skill appears to be what it says (a CLI wrapper for GRVT trading) but has several red flags you should consider before installing or using it:

- The SKILL.md requires Node.js >=20 and installation via pnpm of @madeinusmate/grvt-cli, but the skill metadata omits required binaries and credentials — treat that as a transparency issue.
- The package is a community project (not audited). Installing an unvetted npm package can run arbitrary code; prefer reviewing the package source before installing and run it in an isolated environment (container or throwaway VM).
- The CLI requires an API key and, for write actions, an Ethereum private key; it warns that it stores secrets in plaintext at ~/.config/grvt/config.toml (0600). Avoid handing your private key to an agent; prefer using a limited-scope API key or testnet credentials for experimentation.
- The SKILL.md acknowledges the risk and asks for explicit user acknowledgment before use — enforce that. If you must use it, use testnet, rotate keys afterwards, and consider using read-only credentials or a hardware wallet/signing service rather than placing private keys on disk.

If you want to proceed safely, request the skill owner/source code and perform a code review (or have one performed), or run the CLI in an isolated environment and never supply mainnet private keys to an agent or unknown package.

Review Dimensions

Purpose & Capability
note: The skill (Grvt Markets) and SKILL.md consistently describe a CLI-based trading integration (grvt-cli), and the commands in the reference files match that purpose. However, the registry metadata lists no required binaries or credentials while the README explicitly requires Node.js >= 20 and installation via pnpm and also requires API and private keys for authenticated actions — this metadata omission is an inconsistency (likely sloppy packaging) that reduces transparency.
Instruction Scope
concern: The SKILL.md directs the agent/user to install and run a third-party CLI that performs authenticated trading operations and EIP-712 signing. It explicitly instructs manual or interactive setup for entering API keys and private keys and notes that keys are written to ~/.config/grvt/config.toml in plaintext (0600). While the instructions do not attempt to exfiltrate data, they do put the agent/user in a position to provide highly sensitive secrets; the skill text warns about this but does not restrict or provide safer alternatives (e.g., using limited-scope API keys).
Install Mechanism
note: The skill is instruction-only and has no platform install spec, but SKILL.md instructs installing @madeinusmate/grvt-cli via pnpm (npm registry). Installing an unvetted community npm package is a moderate risk: npm packages can execute arbitrary code. The SKILL.md includes a clear community-project disclaimer, but the manifest does not declare installation requirements, which reduces transparency.
Credentials
concern: The manifest declares no required environment variables or primary credential, but the CLI requires an API key and (for write operations) an Ethereum private key and stores session cookies and keys in the config file. The absence of declared credentials in the skill metadata is disproportionate and inconsistent with the documented need for secrets. Additionally, storing private keys in plaintext (even with 0600) is sensitive and increases risk if the host is compromised.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent installation by the registry; it is an instruction-only skill. It does not declare any elevated platform privileges. Autonomous invocation is allowed (default) but is not combined with other high-privilege settings.