Skill v1.0.0
ClawScan security
Market Snapshot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 15, 2026, 2:13 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with its stated purpose: it performs simple GET requests to a known vecstack endpoint and returns stable JSON market snapshots.
- Guidance: This skill contacts a third-party endpoint (app.vecstack.com) with whatever token identifiers the user provides and returns that service's snapshot as JSON. It asks for no credentials and does not access local files, but you should: (1) avoid sending any sensitive strings (private keys, wallet seeds) as query input, (2) review vecstack's privacy/terms if you care about logging, and (3) be aware that cached URLs may be reused unless you append a cache-buster for fresh data. Overall the skill appears coherent for its purpose.
Review Dimensions
- Purpose & Capability: ok. The name/description say it will fetch Jupiter-backed market snapshots; the SKILL.md only requires calling a vecstack API endpoint and returning JSON. There are no unrelated binaries, credentials, or config paths requested.
- Instruction Scope: note. Instructions are narrowly scoped to doing HTTP GETs to https://app.vecstack.com/api/skills/market-snapshot, parsing the JSON, and returning a structured JSON object. The skill does not instruct reading local files or environment variables. Important privacy note: user token queries (symbols/names/mints) are sent to the third-party vecstack endpoint and may be logged by that service.
- Install Mechanism: ok. No install spec or code files — instruction-only. Nothing is written to disk or fetched during install.
- Credentials: ok. The skill declares no environment variables or credentials and its instructions do not require any secrets. This is proportionate to a read-only market-data fetcher.
- Persistence & Privilege: ok. always is false and the skill does not request persistent system-wide privileges or modify other skills' configurations. Autonomous invocation is allowed (platform default) but not excessive here.
