Skill v1.0.18

ClawScan security

Noya Agent Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 2:49 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with its stated purpose (a Noya crypto agent): it asks only for a Noya API key and uses curl/jq to call Noya endpoints. Users should be aware that conversational context and wallet/portfolio data may be sent to Noya, and that the docs suggest storing the key in the config file.
Guidance
This skill appears to be what it claims: a curl/jq-based integration with Noya. Before installing:
(1) Understand that conversational context (and potentially wallet/portfolio data) will be sent to Noya's servers when you use the agent; avoid putting secrets you do not want shared into the conversation.
(2) Create a short-lived API key, and revoke it if it is compromised.
(3) Prefer providing NOYA_API_KEY through a secure channel (the process environment or a vault) instead of storing it in plaintext in ~/.openclaw/openclaw.json.
(4) Confirm any on-chain transaction prompt before approving it (the skill claims it will request confirmation).
(5) Verify that you trust the operator at agent.noya.ai, since this skill routes sensitive crypto-related queries and commands to that service.

Review Dimensions

Purpose & Capability
ok
Name and description match the behaviour: the skill calls Noya's Agent API for conversational agent actions (requires NOYA_API_KEY) and calls public data endpoints without auth. The required binaries (curl, jq) fit the curl-based workflow and the included noya-message.sh script.
Instruction Scope
note
SKILL.md instructs the agent to hand conversation context off to Noya (POST /api/openclaw/system-message) and to use noya-message.sh for streaming messages. That is coherent for a conversational trading agent, but it means potentially sensitive context (conversation history, preferences, portfolio info) and Noya's replies are transmitted to and from a third-party service. The script also reads /etc/timezone or /etc/localtime for timezone info, which is benign but outside pure API semantics.
Install Mechanism
ok
No install spec; this is instruction-only with a small included shell script. Nothing is downloaded from external or untrusted URLs and no archives are extracted.
Credentials
note
The only credential is NOYA_API_KEY (declared as primary), which is proportional for the agent endpoints. SKILL.md suggests storing the API key in ~/.openclaw/openclaw.json (a plaintext config example); this is convenient but increases exposure. Use short-lived keys and safer secret storage where possible.
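The following is an added example, not code from the Noya skill, from ClawHub or from the scanner, illustrating the key-handling advice in Guidance item (3) and in the Credentials note above. It takes NOYA_API_KEY from the process environment or from an owner-only key file, refuses to proceed when the OpenClaw config already carries a plaintext copy, and passes the key to curl through a header file so it never appears on the command line (where any local user could read it from the process list). The key-file path, the OpenClaw config layout, the use of the agent.noya.ai host for the /api/openclaw/system-message endpoint and the "Authorization: Bearer" header scheme are all assumptions, not documented Noya behaviour.

```shell
#!/bin/sh
# Added example (not part of the Noya skill or ClawHub). Keeps NOYA_API_KEY out of
# ~/.openclaw/openclaw.json and off the curl command line. File locations, the config
# layout and the header name are assumptions.
set -eu

# Return 0 (true) if the JSON config carries a non-empty plaintext NOYA_API_KEY.
# Plain grep is used so the check does not itself depend on jq.
config_has_plaintext_key() {
  cfg="$1"
  [ -r "$cfg" ] || return 1
  grep -Eq '"NOYA_API_KEY"[[:space:]]*:[[:space:]]*"[^"]+"' "$cfg"
}

# Return 0 if the file has no group/other permission bits, read from the POSIX
# ls -l mode string (avoids the GNU/BSD differences in stat(1)).
owner_only() {
  case "$(ls -ld "$1")" in
    ????------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the key. Order: environment first, then an owner-only key file at the
# assumed path $NOYA_KEY_FILE (default ~/.config/noya/api_key). Never the config.
resolve_noya_key() {
  if [ -n "${NOYA_API_KEY:-}" ]; then
    printf '%s' "$NOYA_API_KEY"
    return 0
  fi
  f="${NOYA_KEY_FILE:-$HOME/.config/noya/api_key}"
  if [ -f "$f" ]; then
    if ! owner_only "$f"; then
      echo "refusing $f: readable by group/other" >&2
      return 2
    fi
    tr -d '\r\n' < "$f"
    return 0
  fi
  echo "no NOYA_API_KEY in environment and no key file at $f" >&2
  return 1
}

# Write the auth header to a private temp file and print its path. curl -H @file
# (curl 7.55 and later) reads headers from the file, so the key is not visible in
# ps or /proc/*/cmdline. "Authorization: Bearer" is an assumed scheme.
write_header_file() {
  key="$1"
  old_umask=$(umask)
  umask 077
  hf=$(mktemp "${TMPDIR:-/tmp}/noya-hdr.XXXXXX")
  umask "$old_umask"
  printf 'Authorization: Bearer %s\n' "$key" > "$hf"
  printf '%s' "$hf"
}

# Example use: refuse to run if the config leaks the key, then POST the JSON body
# read from stdin to the endpoint named in the scan. Host and body shape are assumed.
noya_post() {
  cfg="${OPENCLAW_CONFIG:-$HOME/.openclaw/openclaw.json}"
  if config_has_plaintext_key "$cfg"; then
    echo "plaintext NOYA_API_KEY found in $cfg; move it to the environment or a key file" >&2
    return 3
  fi
  key=$(resolve_noya_key) || return $?
  hf=$(write_header_file "$key")
  trap 'rm -f "$hf"' EXIT
  curl -sS -X POST -H @"$hf" -H 'Content-Type: application/json' \
       --data-binary @- "https://agent.noya.ai/api/openclaw/system-message"
}
```

With this in place, a key that someone has pasted into openclaw.json stops the run with a clear message instead of silently being used, and a key file left world-readable is rejected rather than read. The header-file step matters on shared hosts: a header passed as a literal `-H "Authorization: ..."` argument is readable by every local user for as long as curl runs.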
Persistence & Privilege
ok
The always flag is false and the skill does not request system-wide privileges. It suggests adding an entry in the OpenClaw config for its own key (normal). Autonomous invocation is allowed by default, but that is the platform norm; the skill includes interrupt/confirmation handling for execution of on-chain actions.