Skill v1.0.1

ClawScan security

Radix Explorer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:02 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (Radix data queries) is plausible, but it requires installing an npm CLI and registering an opaque third‑party URL (ineedemily.com) to handle queries — a pattern that can route user data to an unknown service and is disproportionate to the declared capability.
Guidance
This skill routes Radix queries through an opaque third‑party service (https://www.ineedemily.com) via an npm-installed CLI (mcporter). Before installing or using it:
1) Verify the mcporter package and the service owner (look for a public repository, npm page, and code audit).
2) Consider using alternative skills that call well-known Radix APIs directly (no opaque intermediary).
3) If you must test it, run installation in an isolated environment (container or VM) and inspect network traffic to see what data is sent.
4) Avoid sending any private keys, sensitive wallet backups, or credentials to the service (the skill does not request them, but the external server will receive whatever queries you issue).
5) If you cannot verify the package and endpoint, treat this skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The skill claims to provide Radix blockchain data, which could be implemented by calling public Radix APIs or explorers. Instead it requires a custom CLI (mcporter) and instructs registering a single external URL (https://www.ineedemily.com/api/mcp/mcp). Requiring an external service and a third‑party CLI is not obviously necessary for the described read-only queries and is disproportionate without provenance for the mcporter package or the remote API.
Instruction Scope
concern: The SKILL.md explicitly tells the agent to run mcporter commands and to add a server URL pointing to an external host. That means user inputs (wallet addresses, token IDs, etc.) will be forwarded to that remote endpoint. The instructions do not require or show use of direct, public Radix RPC endpoints — instead they route queries through an opaque service, which broadens data exfiltration/collection risk.
Install Mechanism
concern: The install step is an npm package named mcporter that creates a binary of the same name. Installing an arbitrary npm package runs third‑party code on the host and can be high risk if the package/source is not verified. The package name and the external URL are not accompanied by a known upstream project or repository link in the SKILL.md, increasing uncertainty.
Credentials
ok: The skill does not request environment variables, platform credentials, or config paths beyond installing the mcporter CLI and adding a server URL. There are no declared secrets required, which is proportionate to a read-only data-querying skill.
Persistence & Privilege
note: The skill does not request always:true and is user-invocable only by default. However the SKILL.md instructs adding a server entry to the mcporter config (mcporter config add emily-radix-assistant ...), which writes configuration to the user's environment and causes future mcporter calls to target that host. This is normal for a client pointing at a service but it is a persistent registration worth reviewing before proceeding.