Skill v1.0.3
ClawScan security
Claw Trader Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 8:22 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its read-only market-monitoring description; it uses public Hyperliquid and LNMarkets APIs and does not request broad privileges — only a single optional env var is referenced but not required.
- Guidance: This skill appears to be what it claims: a read-only market monitor. Before installing, note that: (1) if you set HYPERLIQUID_ACCOUNT_ADDRESS the skill will read that env var to retrieve balances/positions — do not set it if you don't want your public wallet looked up; (2) LN Markets authenticated endpoints are not included in this Lite version; (3) the package has no install script beyond 'pip install requests' but the source and homepage are unknown — if you need higher assurance, review the provided claw_lite.py source yourself or only install from a trusted registry. Also be cautious about the textual prompts in the example (they reference an external bot for a 'Pro' upgrade); those are not executed by the code but indicate an external contact for paid upgrades.
Review Dimensions
- Purpose & Capability (ok): The Python code implements read-only monitoring for Hyperliquid and LN Markets as described: fetching public price endpoints and returning balances/positions for Hyperliquid when a public wallet address is provided. There are no unexpected services accessed.
- Instruction Scope (note): SKILL.md and the code stay within the stated read-only scope. One minor inconsistency: the SKILL.md documents an optional HYPERLIQUID_ACCOUNT_ADDRESS env var and instructs how to set it, while the registry metadata lists no required env vars. The code will read HYPERLIQUID_ACCOUNT_ADDRESS from the environment if present.
- Install Mechanism (ok): There is no install spec and the only dependency is the standard requests library (SKILL.md suggests pip install requests). No downloads from untrusted URLs or archive extraction are present.
- Credentials (note): The skill does not request credentials in the registry, but the code and SKILL.md optionally use HYPERLIQUID_ACCOUNT_ADDRESS (a public wallet address) to show balances/positions. This is proportionate to the feature, but the registry/metadata omission is an inconsistency to be aware of.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills or system configs, and has no persistent install steps. It runs in-process and makes outbound API requests only to the documented platform endpoints.
