Skillv0.2.12

ClawScan security

MistTrack Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 30, 2026, 10:37 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill appears internally consistent with its stated purpose (AML/risk checks + optional x402 pay-per-use) — the network calls, optional API key, and payment signing code match the description; the main risk is the optional on-chain signing capability, which is documented and constrained but should be handled carefully.
Guidance: This skill is coherent with its described purpose, but take these precautions before installing or enabling it in an agent pipeline: - Verify source: registry metadata in the package header claims unknown source/homepage while embedded metadata/README reference a GitHub repo — confirm the canonical repository (and review it) before trusting the package. - Prefer using MISTTRACK_API_KEY (read-only) for routine checks. Do not provide private keys unless you intentionally need on-chain signing. - If you must use x402 payments: store the private key in a file with strict permissions (chmod 600) and pass it only via --key-file when running pay.py; avoid placing private keys in environment variables or command-line args. The package already refuses X402_PRIVATE_KEY env var and enforces a $1 USDC hard cap per call, but these mitigations do not eliminate risk if the agent autonomously calls pay.py with a key file. - On agent platforms: ensure the payment sub-skill is not invoked autonomously (platforms that honor disable_model_calls can block it; others may not). Never enable automated "--auto" payment flows in production. - Audit the scripts before running in production (they perform network calls to https://openapi.misttrack.io and signing operations). Run them in an isolated/test account first to validate behavior and rate limits. If you want, I can: (1) point out exactly where pay.py enforces the $1 cap and where it checks/refuses an env var, (2) search the code for any other network endpoints, or (3) produce a minimal checklist you can follow when enabling this skill in an automated wallet pipeline.

Review Dimensions

Purpose & Capability: noteThe name/description (MistTrack AML + on-chain tracing) aligns with what the code does: the scripts call openapi.misttrack.io for risk_score/address_labels and include an optional pay.py to perform x402 EVM/Solana signing. One minor inconsistency: registry-level metadata in the submission header lists source/homepage as unknown/none, while metadata.json/README claim a GitHub origin — verify the real source before trusting.
Instruction Scope: noteSKILL.md and the scripts stay within the declared purpose: read-only AML lookups use MISTTRACK_API_KEY and call MistTrack endpoints; the payment flow (pay.py) explicitly reads a key file and signs x402 payments. The payment behavior is a higher-privilege action (sign+broadcast) but it is documented, enforces a $1 USDC per-call hard cap, and refuses an X402_PRIVATE_KEY env var. Platforms that permit autonomous model invocation may still cause unattended payments if an operator supplies --key-file and allows auto flags; the package documents this risk and recommends blocking autonomous calls for payment flows.
Install Mechanism: okInstruction-only skill with Python scripts; no installer or remote archive downloads. Dependencies are documented via requirements.txt/requirements-pay.txt. No high-risk install URLs or opaque installers observed.
Credentials: okOnly an optional MISTTRACK_API_KEY is declared. The payment path requires a private key file passed explicitly via --key-file; the package explicitly refuses an environment-based private key. No unrelated credentials or broad environment access are requested.
Persistence & Privilege: okalways:false and no evidence the skill requests permanent system presence or modifies other skill configs. The package does not request platform-level privileges. Autonomous invocation is allowed by default (normal for skills) — note this only matters if you enable payment automation.