Back to skill
Skillv1.3.1
ClawScan security
Agent-Powered Carbon Credit Trading & CBAM Compliance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 15, 2026, 7:08 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's purpose (autonomous carbon-credit trading) aligns with the single declared credential, but the SKILL.md contains contradictory statements about sandbox vs production usage and lacks clarity about whether examples will run live — this ambiguity could lead to unintended real-money trades if you supply a real API key or allow autonomous invocation.
- Guidance
- Before installing or enabling this skill: 1) Ask the publisher to clarify whether examples default to sandbox or production and request explicit instructions or flags to prevent accidental use of production endpoints. 2) Never supply a real production GREENHELIX_API_KEY until you confirm the skill will only use a sandbox or read-only/test account. Use a scoped API key with the minimum permissions (ideally sandbox-only or read-only). 3) Review the SKILL.md code examples yourself (or ask for the exact example endpoints) to confirm endpoints and default base URLs. 4) If you allow autonomous invocation, require explicit human approval before any live trade, retirement, or escrow action; prefer manual invocation until you’ve thoroughly tested in sandbox. 5) Monitor logs and set quotas/alerts on the GreenHelix account for unexpected transactions. If the publisher cannot clearly explain the sandbox/production behavior and safe defaults, treat the skill as higher risk and avoid giving it production credentials.
Review Dimensions
- Purpose & Capability
- noteThe declared primary credential (GREENHELIX_API_KEY) is coherent with a carbon-credit trading gateway. However the guide contains conflicting statements: it repeatedly says examples work with the GreenHelix sandbox that 'requires no API key', but elsewhere says 'Every code example runs against the production API.' That conflict is meaningful for a trading system where production API keys enable live financial actions.
- Instruction Scope
- concernThis is an instruction-only skill containing detailed code examples and runtime guidance. The SKILL.md claims illustrative, non-executing examples but also provides production-targeted examples and agent patterns for autonomous trading, MRV verification, escrow, retirement, and dispute resolution. Those patterns can perform networked, state-changing operations (trades, retirements), so ambiguous defaults (sandbox vs production) and lack of explicit 'do-not-execute' safeguards are a risk: an agent using the supplied GREENHELIX_API_KEY could perform live transactions.
- Install Mechanism
- okNo install spec and no code files — instruction-only. This minimizes filesystem/install risk because nothing is downloaded or installed by the skill itself.
- Credentials
- noteOnly one environment variable (GREENHELIX_API_KEY) is required, which is proportionate for a gateway-integrated trading skill. The concern is not the number of credentials but that the SKILL.md's contradictory sandbox/production statements could cause a user to provide a real production API key when a sandbox key or no key was intended.
- Persistence & Privilege
- okalways:false and default autonomous invocation settings — normal for a skill. The skill does not request persistent or system-wide configuration changes. However, because it enables autonomous trading patterns, combining normal autonomy with the production ambiguity increases potential impact if misused.