v1.0.2

Envy Trading System

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

This is a coherent crypto-trading skill, but it should be reviewed carefully because it stores wallet keys and can automatically authorize payments or live trades.

Guidance: Review this carefully before installing. It appears aligned with its crypto-trading purpose, but use paper mode first, keep only limited funds in any generated wallet, never run the wallet-export command in chat, inspect saved strategy files, and confirm the controller is stopped when you do not want automated trading.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
envy.js
const amount = BigInt(req.maxAmountRequired);
...
const signature = await wallet.signTypedData(USDC_DOMAIN, TRANSFER_WITH_AUTH_TYPES, message);
...
const headers = { 'X-PAYMENT': encoded, ...(opts.headers || {}) };

When no API key is present, paid calls automatically use the local wallet to sign an x402 payment authorization based on the server-provided amount.

User impact: A normal API request can become an on-chain payment flow, spending USDC from the local wallet without a separately evidenced per-payment approval or client-side spending cap.
Recommendation: Prefer an API key for paid endpoints, keep only small amounts of USDC in the generated wallet, and confirm pricing and balances before running paid commands.
Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
controller.js
executor: paper                  # paper | hyperliquid | auto
confirm: false                   # require human confirmation before trades?

The controller supports live Hyperliquid execution modes, and the default generated configuration disables trade confirmation.

User impact: Live mode is not the default, but once enabled the controller can route trades using saved strategies and risk rules without an obvious per-trade human confirmation step.
Recommendation: Before switching to Hyperliquid, set conservative risk limits, consider enabling confirmation if supported, start with paper trading, and monitor the controller closely.
Rogue Agents
Severity: Medium | Confidence: High | Status: Note
monitor.js
const MAX_RECONNECT_ATTEMPTS = 50;
...
this.running = true;
this.connect();

The monitor is designed as a long-running WebSocket process with reconnect behavior, which is expected for live signal monitoring but should be noted.

User impact: Once started, the monitor may continue producing signal events until stopped, and those events can feed the trading controller.
Recommendation: Know how to stop the monitor/controller, and verify no live trading process remains running when you are done.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"dependencies": {
    "ethers": "^6.0.0",
    "ws": "^8.0.0",
    "yaml": "^2.0.0"
  }

The skill depends on external npm packages with version ranges, and no lockfile is included in the manifest.

User impact: Installing dependencies may fetch newer compatible package versions than the author originally tested.
Recommendation: Install in an isolated environment, review dependency versions, and consider pinning or locking dependencies before using the wallet or live trading features.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
envy.js
fs.writeFileSync(WALLET_FILE, JSON.stringify({
    address: wallet.address,
    privateKey: wallet.privateKey,
    mnemonic: wallet.mnemonic.phrase,
  }, null, 2));

The skill creates and stores an unencrypted wallet private key and mnemonic in wallet.json, which is high-impact credential material for payments and trading.

User impact: Anyone or any process with access to the skill directory could read the wallet secret and potentially control funds associated with that wallet.
Recommendation: Use a dedicated low-balance wallet, protect the skill directory, avoid sharing wallet output in chat, and do not fund the wallet beyond what you are prepared to risk.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`assemble` → auto-saves to `strategies/{coin}.yaml` (archives old version if exists)
- The signal monitor auto-discovers strategies from `strategies/`

Strategy files are persistent context that the monitor later auto-discovers and uses as trading logic.

User impact: A saved or overwritten strategy can influence future monitor/controller behavior, including live trading if the user later switches executors.
Recommendation: Review strategy YAML files before starting the monitor or going live, and clear or archive strategies you do not intend to trade.