Skill v1.0.0
ClawScan security
eToro API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 7:19 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The SKILL.md expects user API keys and supports executing real trades, but the skill's declared metadata does not list any required credentials or environment variables — that's an inconsistency you should resolve before trusting it with real funds.
- Guidance: This skill's documentation shows it will ask you for an eToro Public API Key and a User Key and can execute real trades — but the registry metadata didn't declare any required credentials. Before installing: (1) confirm the skill's origin (source is listed as unknown despite an eToro homepage link); (2) demand that the publisher declare required credentials in the metadata; (3) for testing, only give a demo/virtual User Key with limited permissions (prefer Read-only or demo keys); (4) do not provide real trading keys unless you fully trust the skill and its publisher and you are prepared for the agent to place orders; (5) prefer explicit prompts/consent before any real-trade API call and check logs/confirmations. If the publisher cannot justify why credentials are omitted from metadata, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern)
- The skill's stated purpose (interact with eToro, including executing trades) matches the SKILL.md content. However, the registry metadata declares no required credentials or primary credential, while the runtime instructions clearly require a Public API Key and a User Key (with Real vs Demo environments). This mismatch is unexpected for a trading integration and reduces transparency about what sensitive inputs the skill will request.
- Instruction Scope (note)
- The SKILL.md stays within the scope of an eToro API client (detailed endpoints, headers, casing rules, demo vs real endpoints, and example requests). It explicitly documents how to perform live trading and demo trading. It does not instruct the agent to read unrelated files or system state. The notable point: it tells the agent to 'request keys from the user on install' (i.e., prompt for secrets) even though those secrets aren't declared in the registry metadata.
- Install Mechanism (ok)
- This is an instruction-only skill with no install spec and no code files — nothing is written to disk by an installer, which is lower risk from an install perspective.
- Credentials (concern)
- The runtime instructions require sensitive credentials (Public API Key and User Key) and environment selection (Real vs Virtual) to operate — reasonable for the stated purpose — but the skill metadata lists no required env vars or primary credential. That lack of declared secrets is disproportionate to the documented runtime needs and may hide what the agent will ask the user to provide.
- Persistence & Privilege (ok)
- The skill is not marked always:true and defaults allow model invocation (normal behavior). There is no indication the skill will modify other skills or request persistent system-wide privileges.
